Analysis

Max time kernel: 1698614s
Platform: android_x86
Resource: android-x86-arm
Submitted: 20-08-2021 20:24

Static task: static1
Behavioral task: behavioral1
  Sample: Google_Play_Protect.apk
  Resource: android-x86-arm
  0 signatures, 0 seconds
General

Target: Google_Play_Protect.apk
Size: 3.3MB
MD5: 0e4f6a0903ba99d6595ba32ee172dad3
SHA1: fae70fdbf2872e09860a1f875c36a9229d52d03f
SHA256: e9d76237d04e6f4eb66425f26e6c8441effd2fbbc6cb29cd5d2a2605491c7502
SHA512: ee541d58e4b5adf22ebd47bd6ff4cc944c2987ad6613a6f79850fe848925f9d803a32559f25f303ebcae199a7ab7eeb4bc65486522e027ffd1c3df4c9a0e0f3a
Score: 10/10
Malware Config (Extracted)

Family: alienbot
C2: https://instagrambuyukprofil.com
Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.

Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.

ioc                                                     pid   Process
/data/user/0/gun.scrub.end/app_DynamicOptDex/fhF.json   4987  gun.scrub.end
/data/user/0/gun.scrub.end/app_DynamicOptDex/fhF.json   5011  /system/bin/dex2oat
/data/user/0/gun.scrub.end/app_DynamicOptDex/fhF.json   4987  gun.scrub.end
Uses reflection (14 IoCs)

description                                                                    pid   Process
Accesses field com.android.okhttp.internal.tls.OkHostnameVerifier.INSTANCE     4987  gun.scrub.end
Invokes method android.content.pm.PackageManager.isInstantApp                  4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.get                                    4987  gun.scrub.end
Invokes method dalvik.system.CloseGuard.open                                   4987  gun.scrub.end