Analysis

  • max time kernel
    1499762s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    18-08-2021 13:10

General

  • Target

    edf3f11dac0a98f3d79cb096edc19cb3ce57a8f315d03718e88c18df8ef5ab7a.apk

  • Size

    4.0MB

  • MD5

    db19462e0180969c5b32b7e8df4c1152

  • SHA1

    875d927730bfed5fcf148f3636509b8b9d33b8c5

  • SHA256

    edf3f11dac0a98f3d79cb096edc19cb3ce57a8f315d03718e88c18df8ef5ab7a

  • SHA512

    1a5d4971d607dc491bd235646fb2e21496c18235577222da96f13fc248de762283d79099316651616ed4d94ddf863f9da68286513f146ea69abd71772edbe931

Malware Config

Extracted

Family

alienbot

C2

http://kokosrumianzua.ml

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Checks Android system properties for emulator presence. 1 IoC
  • Loads dropped Dex/Jar 4 IoCs

    Runs an executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoC
  • Uses reflection 27 IoCs

Processes

  • torch.once.all
    1⤵
    • Checks Android system properties for emulator presence.
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4093
    • torch.once.all
      2⤵
      PID:6781
    • torch.once.all
      2⤵
      PID:6810
    • torch.once.all
      2⤵
      PID:6937
    • torch.once.all
      2⤵
      PID:6967

Network

MITRE ATT&CK Matrix

Downloads