Analysis
-
max time kernel
1056842s -
max time network
81s -
platform
android_x64 -
resource
android-x64 -
submitted
13-08-2021 10:09
Static task
static1
Behavioral task
behavioral1
Sample
38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839.apk
Resource
android-x64
0 signatures
0 seconds
General
-
Target
38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839.apk
-
Size
3.6MB
-
MD5
ebcc01dc4c4f5b5a1d691c5684b4b197
-
SHA1
81b0a11fa3344e57d37fc97f268532d8339fbbe3
-
SHA256
38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839
-
SHA512
ec7de69877ee767062fdf4ad375324f22c00b44675c9e037ad07e01a72441f3ef7f4b52048d8c4e62bb8c331ccd52cd85ec0482b6def34944b08d61225bf93e6
Score
10/10
Malware Config
Extracted
Family
alienbot
C2
http://salakodenekoz.net
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/custom.best.orchard/app_DynamicOptDex/jEc.json 3661 custom.best.orchard /data/user/0/custom.best.orchard/app_DynamicOptDex/jEc.json 3661 custom.best.orchard -
Uses reflection 3 IoCs
description pid Process Invokes method dalvik.system.CloseGuard.get 3661 custom.best.orchard Invokes method dalvik.system.CloseGuard.open 3661 custom.best.orchard Acesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE 3661 custom.best.orchard