Analysis
max time kernel: 1498211s
max time network: 65s
platform: android_x64
resource: android-x64
submitted: 18-08-2021 12:45
Static task
static1
Behavioral task
behavioral1
Sample
f0c01e8d32799d24ebb463e45ea5626eee6c852ea1a9eae012e27acac77f1676.apk
Resource
android-x64
0 signatures
0 seconds
General
Target: f0c01e8d32799d24ebb463e45ea5626eee6c852ea1a9eae012e27acac77f1676.apk
Size: 3.2MB
MD5: 54be1c3f4125c3f4967a3e7a6b063de7
SHA1: a7eecfd9dcb060e14df2232a9a3438b1512f433c
SHA256: f0c01e8d32799d24ebb463e45ea5626eee6c852ea1a9eae012e27acac77f1676
SHA512: f37c2b04fada172c1275519d37e7e3f8d6ed5ee47b2a1303b0f22adccb6404c302f2e206464c884315dd3ba8061c0c1761d952704736ac5d333cbb3deee2105d
Score
10/10
Malware Config
Extracted
Family: alienbot
C2: http://ebruok3oam.digital
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/turkey.library.win/app_DynamicOptDex/xDQW.json | 3664 | turkey.library.win
/data/user/0/turkey.library.win/app_DynamicOptDex/xDQW.json | 3664 | turkey.library.win
-
Uses reflection 3 IoCs
description | pid | Process
Invokes method dalvik.system.CloseGuard.get | 3664 | turkey.library.win
Invokes method dalvik.system.CloseGuard.open | 3664 | turkey.library.win
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 3664 | turkey.library.win