Analysis

max time kernel: 1056297s
max time network: 51s
platform: android_x64
resource: android-x64
submitted: 13-08-2021 10:01

Tasks
Static task: static1
Behavioral task: behavioral1
Sample: 0b018c290dbb5aa2af3f324f2a83c6654d5a47e4026413a6a082623bf2e35787.apk
Resource: android-x64
0 signatures
0 seconds
General

Target: 0b018c290dbb5aa2af3f324f2a83c6654d5a47e4026413a6a082623bf2e35787.apk
Size: 2.6MB
MD5: a33fa98242f62443e0304aa0c886e204
SHA1: 7c0ec3f1f1610e266cafe77991404d53b635b9ec
SHA256: 0b018c290dbb5aa2af3f324f2a83c6654d5a47e4026413a6a082623bf2e35787
SHA512: 82273a0e16b0c131bdebf51981ca99c7e2ba60092353382388b336af10547f7108850c6994ec6ddac4e34f571d9928637c4d6de00117a3d6230c3cb21f510b78
Score: 10/10
Malware Config

Extracted
Family: alienbot
C2: http://feawetawe.sbs
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis. Note that the dropped file carries a .json extension but is loaded as Dex/Jar code; the extension says nothing about the content.

  ioc                                                                 pid   Process
  /data/user/0/crime.fashion.dentist/app_DynamicOptDex/OryanwM.json   3604  crime.fashion.dentist
  /data/user/0/crime.fashion.dentist/app_DynamicOptDex/OryanwM.json   3604  crime.fashion.dentist
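Because the dropped file is loaded as code regardless of its .json name, the first step on a copy pulled from the device is to identify it by content and, for a DEX payload, check the header's own integrity fields (adler32 checksum and SHA-1 signature). The script below is an added example and is not part of this report or of the sample; the path in the usage comment is the IoC path from the table above, and the embedded DEX used for the self-test is constructed here (a header-only file with no classes), not extracted from the sample.

```python
"""Added triage helper (not part of the sandbox report or the sample):
identify a runtime-dropped payload by magic bytes and validate a DEX header.
"""
import hashlib
import struct
import sys
import zlib

DEX_MAGIC = b"dex\n"       # followed by a 3-digit version and NUL, e.g. b"dex\n035\x00"
ZIP_MAGIC = b"PK\x03\x04"  # jar/apk containers are zip files
ELF_MAGIC = b"\x7fELF"
DEX_HEADER_SIZE = 0x70


def classify(blob: bytes) -> str:
    """Container type from the magic bytes; the file extension is ignored on purpose."""
    if blob.startswith(DEX_MAGIC):
        return "dex"
    if blob.startswith(ZIP_MAGIC):
        return "zip/jar/apk"
    if blob.startswith(ELF_MAGIC):
        return "elf"
    return "unknown"


def parse_dex_header(blob: bytes) -> dict:
    """Parse the fixed 0x70-byte DEX header and recompute its integrity fields.

    Per the DEX format the adler32 checksum covers everything after the checksum
    field (offset 12 onward) and the SHA-1 signature covers everything after the
    signature field (offset 32 onward). All integers are little-endian.
    """
    if len(blob) < DEX_HEADER_SIZE or not blob.startswith(DEX_MAGIC):
        raise ValueError("not a DEX file")
    version = blob[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", blob, 8)
    signature = blob[12:32]
    # 20 u4 fields from offset 32: file_size, header_size, endian_tag, link_size,
    # link_off, map_off, then size/off pairs for string, type, proto, field,
    # method ids, class_defs and data. class_defs_size is field index 16.
    fields = struct.unpack_from("<20I", blob, 32)
    file_size, header_size, endian_tag = fields[:3]
    if endian_tag == 0x12345678:
        endian = "little"
    elif endian_tag == 0x78563412:
        endian = "big"
    else:
        endian = "invalid"
    return {
        "version": version,
        "file_size": file_size,
        "header_size": header_size,
        "endian": endian,
        "class_defs_size": fields[16],
        "size_ok": file_size == len(blob),
        "checksum_ok": checksum == (zlib.adler32(blob[12:]) & 0xFFFFFFFF),
        "signature_ok": signature == hashlib.sha1(blob[32:]).digest(),
    }


def triage(blob: bytes) -> dict:
    """Hashes for every payload; header check added for DEX payloads."""
    result = {
        "type": classify(blob),
        "size": len(blob),
        "md5": hashlib.md5(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
    }
    if result["type"] == "dex":
        result.update(parse_dex_header(blob))
    return result


def build_sample_dex() -> bytes:
    """Constructed test input: a header-only DEX (zero classes) with a valid
    checksum and signature. It is NOT the payload from the report."""
    tail = struct.pack("<20I", DEX_HEADER_SIZE, DEX_HEADER_SIZE, 0x12345678, *([0] * 17))
    signature = hashlib.sha1(tail).digest()
    checksum = zlib.adler32(signature + tail) & 0xFFFFFFFF
    return b"dex\n035\x00" + struct.pack("<I", checksum) + signature + tail


if __name__ == "__main__":
    # Usage: python dex_triage.py OryanwM.json
    # (pull /data/user/0/crime.fashion.dentist/app_DynamicOptDex/OryanwM.json
    # from the analysis device first; without an argument the constructed sample is used)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dex()
    for key, value in triage(data).items():
        print(f"{key}: {value}")
```

A checksum or signature mismatch on a file that otherwise parses as DEX usually means the copy was truncated or patched in transit rather than that the loader rejected it; ART only verifies these fields when asked to, so a failing check is a reason to re-pull the file, not a reason to discard the IoC.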
Uses reflection (3 IoCs)
All three targets are framework-internal classes (dalvik.system.CloseGuard and the platform's bundled copy of OkHttp) that are not part of the public SDK, which is why they are reached through reflection.

  description                                                                  pid   Process
  Invokes method dalvik.system.CloseGuard.get                                  3604  crime.fashion.dentist
  Invokes method dalvik.system.CloseGuard.open                                 3604  crime.fashion.dentist
  Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE  3604  crime.fashion.dentist