Analysis

max time kernel: 1057017s
max time network: 72s
platform: android_x64
resource: android-x64
submitted: 13-08-2021 10:12

Static task: static1
Behavioral task: behavioral1

Sample: e3242bbd0a14045280fe57c7eca7c16a332a79edf58662c3e4ffa825bf78568c.apk
Resource: android-x64
0 signatures
0 seconds
General

Target: e3242bbd0a14045280fe57c7eca7c16a332a79edf58662c3e4ffa825bf78568c.apk
Size: 4.1MB
MD5: c964e7894329592360aff35b7b23205e
SHA1: cfecbbb47621aae31c38dd3627731362faf1638b
SHA256: e3242bbd0a14045280fe57c7eca7c16a332a79edf58662c3e4ffa825bf78568c
SHA512: 439c8bc169dac94fedb73c2e8c77c09d6cd0848765ec6ebe41fb49464ce6b48c1c3dee7c925da34c2b91a39604b0365eddba8fe60cf5946c0bd7128e51f30bf0
Score: 10/10
Malware Config

Extracted
Family: alienbot
C2: http://vaydemenescomeres.net
Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.

ioc                                                              pid   Process
/data/user/0/damage.found.shrug/app_DynamicOptDex/ygDNLCw.json   3679  damage.found.shrug
/data/user/0/damage.found.shrug/app_DynamicOptDex/ygDNLCw.json   3679  damage.found.shrug
Uses reflection (3 IoCs)

description                                                                   pid   Process
Invokes method dalvik.system.CloseGuard.get                                   3679  damage.found.shrug
Invokes method dalvik.system.CloseGuard.open                                  3679  damage.found.shrug
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE    3679  damage.found.shrug