Analysis
- max time kernel: 1498388s
- max time network: 65s
- platform: android_x64
- resource: android-x64
- submitted: 18-08-2021 12:48
Static task: static1
Behavioral task: behavioral1
- Sample: b9dda4ec9c20cf2805f3ee244a6004a65592c7c740b5f4c8dd918b24dcab738d.apk
- Resource: android-x64
- 0 signatures, 0 seconds
General
- Target: b9dda4ec9c20cf2805f3ee244a6004a65592c7c740b5f4c8dd918b24dcab738d.apk
- Size: 3.3MB
- MD5: b358f29035d4452c5b47deed93939a71
- SHA1: 30d116ea527d78c32c5f1a7053009a546e0ec02d
- SHA256: b9dda4ec9c20cf2805f3ee244a6004a65592c7c740b5f4c8dd918b24dcab738d
- SHA512: 31611c3b6bcb2da8cdf172c10e45fc6d50cf414d40d60a502a84b0abde14bce94db5461ec09cad77069ab09bb1d9691fe981dc9dc63fa5803a543e7d933664d6
- Score: 10/10
Malware Config (Extracted)
- Family: alienbot
- C2: http://lpopadosad.live
Signatures
- Alienbot
  Alienbot is a fork of the Cerberus banker, first seen in January 2020.
- Loads dropped Dex/Jar (2 IoCs)
  Runs an executable file dropped to the device during analysis.
  ioc                                                             pid   Process
  /data/user/0/deer.payment.horn/app_DynamicOptDex/srd.json      3664  deer.payment.horn
  /data/user/0/deer.payment.horn/app_DynamicOptDex/srd.json      3664  deer.payment.horn
- Uses reflection (3 IoCs)
  description                                                                       pid   Process
  Invokes method dalvik.system.CloseGuard.get                                       3664  deer.payment.horn
  Invokes method dalvik.system.CloseGuard.open                                      3664  deer.payment.horn
  Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE        3664  deer.payment.horn