Analysis

  • max time kernel
    1318096s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    16-08-2021 10:44

General

  • Target

    Android_Guncelleme.apk

  • Size

    3.4MB

  • MD5

    ea32dfb83dff2f55084a22624077dd6e

  • SHA1

    0b994725abc116f194007865b898e981f0b41e4d

  • SHA256

    9b288f10d587a1390b422e385e7813b24f51b34304ac0585242b865a7a1b9be6

  • SHA512

    4491c85229d063c6c63d2ccacb08505650030767237692ad06f3fc3a527296e06d8aed09c56088f38463b3ceb31d1cedb1f06eb5a823d194f2ffe16b16d1a779

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads name of network operator 1 IoCs

    Uses Android APIs to discover system information.

  • Uses reflection 19 IoCs

Processes

  • pole.crumble.burden
    1⤵
    • Loads dropped Dex/Jar
    • Reads name of network operator
    • Uses reflection
    PID:3619

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads