Analysis

  • max time kernel
    1498610s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    18-08-2021 12:50

General

  • Target

    cfba696dc3b975552566d3ec7d47e6624b863bc79e90889d4021966966c05f1a.apk

  • Size

    3.1MB

  • MD5

    f820a0b768098cb585e1126a49775284

  • SHA1

    ee2e3e817f611555f75e48f5648e520d37c6f897

  • SHA256

    cfba696dc3b975552566d3ec7d47e6624b863bc79e90889d4021966966c05f1a

  • SHA512

    3edc90eafbfbf65a7e05e34715aac891b423f7ef5e0fa1e0d797c9f91531eb7cf6e379ac593111b8b858f78475e3a52875edc4749e275c14070258c5bde006f4

Malware Config

Extracted

Family

alienbot

C2

http://tayderik.net

Signatures

  • Alienbot

    Alienbot is an Android banking trojan forked from the Cerberus banker, first seen in January 2020.

  • Loads dropped Dex/Jar (3 IoCs)

    Runs an executable (DEX/JAR) file that was dropped to the device during analysis.

  • Requests enabling of the accessibility settings. (1 IoC)
  • Uses reflection (14 IoCs)
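The three behavioural signatures above are what the sandbox observed at run time. A static first pass over the APK can be checked for the same API usage before detonation, and the file hashes can be recomputed to confirm the sample matches the General section. The script below is an added example written for this page, not part of the sandbox report or the sample; it scans every classes*.dex inside an APK (a zip archive) for string indicators of the Android/Java class and method names behind each signature, and hashes the archive with the same four algorithms the report lists. The mapping of indicator strings to the report's signature names is this example's own assumption, the APK it analyses is constructed in memory, and a string match is only a heuristic: a dropper that loads its real payload from a dropped DEX, as this sample does, may show only the DexClassLoader hit statically, with the reflection and accessibility behaviour living in the second-stage code.

```python
"""Static pre-triage of an APK for the behaviours flagged in this report.

Added example, not part of the sandbox report. Opens an APK (a zip),
hashes it the way the General section does, and scans each classes*.dex
for string indicators corresponding to the three signatures. Heuristic
string matching only, not a DEX parser.
"""
import hashlib
import io
import re
import zipfile

# Real Android/Java identifiers as they appear in DEX string tables.
# Mapping them to the report's signature names is this example's assumption.
INDICATORS = {
    "Loads dropped Dex/Jar": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
    "Requests enabling of the accessibility settings.": [
        b"android.settings.ACCESSIBILITY_SETTINGS",
        b"Landroid/accessibilityservice/AccessibilityService;",
    ],
    "Uses reflection": [
        b"Ljava/lang/reflect/Method;",
        b"Ljava/lang/Class;->forName",
        b"getDeclaredMethod",
    ],
}


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests, matching the report's General section."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def scan_apk(apk_bytes: bytes) -> dict:
    """Return {signature: [(dex_name, indicator), ...]} for every hit."""
    hits = {sig: [] for sig in INDICATORS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            # Only the DEX containers; assets and native libs are out of scope here.
            if not re.fullmatch(r"classes\d*\.dex", name):
                continue
            blob = z.read(name)
            for sig, needles in INDICATORS.items():
                for needle in needles:
                    if needle in blob:
                        hits[sig].append((name, needle.decode()))
    return {sig: v for sig, v in hits.items() if v}


def build_sample_apk() -> bytes:
    """Constructed APK for the demo: fake DEX files carrying the indicator strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<binary-xml-placeholder/>")
        z.writestr("classes.dex", b"dex\n035\0"
                   + b"Ldalvik/system/DexClassLoader;"
                   + b"android.settings.ACCESSIBILITY_SETTINGS")
        z.writestr("classes2.dex", b"dex\n035\0"
                   + b"Ljava/lang/reflect/Method;getDeclaredMethod")
        z.writestr("assets/payload.bin", b"\x00" * 16)  # deliberately not scanned
    return buf.getvalue()


def triage(apk_bytes: bytes) -> dict:
    """Hashes plus static signature hits for one APK."""
    return {"hashes": hashes(apk_bytes), "signatures": scan_apk(apk_bytes)}


if __name__ == "__main__":
    sample = build_sample_apk()
    report = triage(sample)
    print("SHA256:", report["hashes"]["sha256"])
    for sig, where in report["signatures"].items():
        print(f"[+] {sig}")
        for dex, indicator in where:
            print(f"      {dex}: {indicator}")
```

To run it against the real sample, replace `build_sample_apk()` with the bytes of the file named in the Target field and compare `report["hashes"]` against the four digests in the General section before reading the signature hits; a mismatch means a different artifact than the one this report describes.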

Processes

  • pilot.guess.town
    1⤵
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    PID:4991
    • pilot.guess.town
      2⤵
        PID:5015
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5015
