Analysis
- max time kernel: 1610839s
- max time network: 66s
- platform: android_x64
- resource: android-x64-arm64
- submitted: 19-08-2021 20:03
Static task: static1
Behavioral task: behavioral1
- Sample: Chrome546758.apk
- Resource: android-x86-arm
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: Chrome546758.apk
- Resource: android-x64-arm64
- 0 signatures
- 0 seconds
General
- Target: Chrome546758.apk
- Size: 3.9MB
- MD5: 894fe2772e0dcacb289aec6c2e270309
- SHA1: 8e7dce465a012b44541f2d69706712dca633477a
- SHA256: 1cd7bab3a22cf44741925eb1ee5f969ccca01ff78ce6f3f010fdf6f93875c8fb
- SHA512: 71ce5ce44c6d9679aef9420552990e26ae634ad4c2ca293ce1c22002f794029c5253d3653f1114ca0e8d5eba7ad49517539c7bfd6e8a6e6e01061703ab3640cd
- Score: 10/10
Malware Config (extracted)
- Family: alienbot
- C2: http://a05qdzfe6qa1.xyz
Signatures
- Alienbot
  Alienbot is a fork of the Cerberus banker, first seen in January 2020.
- Loads dropped Dex/Jar (1 IoC)
  Runs an executable file dropped to the device during analysis.
  ioc                                                                              pid   Process
  /data/user/0/array.exactly.principal/app_DynamicOptDex/zKbfVSpLFNfmizch.json     4058  array.exactly.principal
- Uses reflection (3 IoCs)
  description                                                                      pid   Process
  Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE       4058  array.exactly.principal
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name               4058  array.exactly.principal
  Accesses field javax.security.auth.x500.X500Principal.thisX500Name               4058  array.exactly.principal
Processes
- array.exactly.principal (PID 4058)
  - Loads dropped Dex/Jar
  - Uses reflection
  - array.exactly.principal (PID 5943)
  - array.exactly.principal (PID 6107)
  - array.exactly.principal (PID 6241)
  - array.exactly.principal (PID 6315)
  - array.exactly.principal (PID 6357)