Analysis

  • max time kernel
    1267286s
  • max time network
    187s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    15-08-2021 20:37

General

  • Target

    AndroidGuncelleme.apk

  • Size

    3.4MB

  • MD5

    c58cb2d542178830e7d1a52227116256

  • SHA1

    741f00d6ea8150d2baa39f27ca74c867284f993b

  • SHA256

    59b0c482d02ef1211b936a329a99819f7c3c603808960b53eca558f293362c85

  • SHA512

    36461b81c8dbb3fd5e3ded0d948a58b0f61e96753d4525fa0ce7671bef62078aeb69a292ccbf65071394d7bbec3277a3cec257a892f253cc86558bcb1c6d5657

Malware Config

Extracted

Family

alienbot

C2

http://34.141.27.218

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses reflection 8 IoCs

Processes

  • glove.resist.bring
    1⤵
    • Loads dropped Dex/Jar
    • Reads name of network operator
    • Uses reflection
    PID:4654

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads