Analysis
max time kernel: 1407385s
max time network: 168s
platform: android_x64
resource: android-x64-arm64
submitted: 17-08-2021 11:30
Static task: static1
Behavioral task: behavioral1
Sample: 61235463c9950b19b86c57f9082ab0c8f966d4a59f6e48894cb621b740ffdfb8.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
Target: 61235463c9950b19b86c57f9082ab0c8f966d4a59f6e48894cb621b740ffdfb8.apk
Size: 3.8MB
MD5: 6284fdaa36599b46900173d9f3443ad8
SHA1: 8dbd55cfc6a3974ceae902630394f6341c58d175
SHA256: 61235463c9950b19b86c57f9082ab0c8f966d4a59f6e48894cb621b740ffdfb8
SHA512: 56beb077f79ffdcbe0a3a68c611f6608ea330b6bfa74a25db0e9a71455148b76f1e44938214011e4533c57e4f3a357f5fff89ef606d6db65033a71640623a75c
Score: 10/10
Malware Config
Extracted
Family: alienbot
C2: http://hermenegildo.xyz
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Loads dropped Dex/Jar (1 IoC)
Runs executable file dropped to the device during analysis.
ioc                                                                              pid   Process
/data/user/0/spirit.painting.cancel/app_DynamicOptDex/mmroheraaaygftk.json    4184  spirit.painting.cancel

Uses reflection (3 IoCs)
description                                                                      pid   Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE       4184  spirit.painting.cancel
Accesses field javax.security.auth.x500.X500Principal.thisX500Name               4184  spirit.painting.cancel
Accesses field javax.security.auth.x500.X500Principal.thisX500Name               4184  spirit.painting.cancel