Resubmissions

19-08-2021 20:43

210819-pbd498x856 10

19-08-2021 20:35

210819-sqjexdpt7e 10

Analysis

  • max time kernel
    1613366s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    19-08-2021 20:43

General

  • Target
    Chrome505543.apk
  • Size
    3.9MB
  • MD5
    73f666b3dc5ee66e202b3e365a524d5d
  • SHA1
    3195a268d5fe4c181cf4178322afe629b03f1064
  • SHA256
    00c462f5b13e3bf21cc7b913719188644fac34cfb7a80893d551bbf512bb8570
  • SHA512
    5abd49342885a144ae0284cd258fd3ba2a8311b6c932e2fe5619dc89e3947f9c7478978d44c836c4348f17d73f51c9ce4516d2dc204e9b93d800720d1cb9217c

Malware Config

Extracted

Family

alienbot

C2

http://a05qdzfe6qa1.xyz

Signatures

  • Alienbot

    Alienbot is a fork of the Cerberus banker, first seen in January 2020.

  • Loads dropped Dex/Jar (2 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. (1 IoC)
  • Uses reflection (2 IoCs)

Processes

  • there.discovery.excitement (PID 4995)
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Uses reflection
    • there.discovery.excitement (PID 5029)
    • /system/bin/dex2oat (PID 5029)
      • Loads dropped Dex/Jar
