Analysis
max time kernel: 1610953s
platform: android_x86
resource: android-x86-arm
submitted: 19-08-2021 20:03
Static task: static1

Behavioral task: behavioral1
Sample: Chrome546758.apk
Resource: android-x86-arm
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: Chrome546758.apk
Resource: android-x64-arm64
0 signatures, 0 seconds
General
Target: Chrome546758.apk
Size: 3.9MB
MD5: 894fe2772e0dcacb289aec6c2e270309
SHA1: 8e7dce465a012b44541f2d69706712dca633477a
SHA256: 1cd7bab3a22cf44741925eb1ee5f969ccca01ff78ce6f3f010fdf6f93875c8fb
SHA512: 71ce5ce44c6d9679aef9420552990e26ae634ad4c2ca293ce1c22002f794029c5253d3653f1114ca0e8d5eba7ad49517539c7bfd6e8a6e6e01061703ab3640cd
Score: 10/10
Malware Config
Extracted
Family: alienbot
C2: http://a05qdzfe6qa1.xyz
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/array.exactly.principal/app_DynamicOptDex/zKbfVSpLFNfmizch.json | 5016 | /system/bin/dex2oat
/data/user/0/array.exactly.principal/app_DynamicOptDex/zKbfVSpLFNfmizch.json | 4982 | array.exactly.principal

Uses reflection (2 IoCs)
description | pid | Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE | 4982 | array.exactly.principal
Invokes method android.content.pm.PackageManager.isInstantApp | 4982 | array.exactly.principal