Analysis
max time kernel: 1048992s
max time network: 51s
platform: android_x64
resource: android-x64
submitted: 13-08-2021 07:57
Static task
static1
Behavioral task
behavioral1
Sample
a555ebe04e885d1a345dc5073f3e012931011b89df5f785e5d8e60ccaf20080a.apk
Resource
android-x64
0 signatures
0 seconds
General
Target: a555ebe04e885d1a345dc5073f3e012931011b89df5f785e5d8e60ccaf20080a.apk
Size: 2.5MB
MD5: 3cdffd15593dc4ffcbaba4dff46c6919
SHA1: 0286e132e593a9fe900b5db903364d74a5a23bfa
SHA256: a555ebe04e885d1a345dc5073f3e012931011b89df5f785e5d8e60ccaf20080a
SHA512: 80416f41d061773a17ad215aa0630451b22ef386af2083b46d0a8af68e6e89f4942d52f4cf0f6172decdbe28a0398211f9f9b9ad34a06b1eef32812d5e4d635f
Score
10/10
Malware Config
Extracted
Family
alienbot
C2
http://deliveriesexpress.net
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw/app_DynamicOptDex/OPjC.json | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
/data/user/0/ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw/app_DynamicOptDex/OPjC.json | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
Uses reflection 5 IoCs
description | pid | Process
Invokes method dalvik.system.CloseGuard.get | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
Invokes method dalvik.system.CloseGuard.open | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
Invokes method dalvik.system.CloseGuard.get | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw
Invokes method dalvik.system.CloseGuard.open | 3606 | ycxnwnkldpgknb.cenzkhgsclmcpcfbdpfxkmwsoxg.hgtijgcxzpaaabjbalw