Analysis

  • max time kernel
    1698614s
  • platform
    android_x86
  • resource
    android-x86-arm
  • submitted
    20-08-2021 20:24

General

  • Target

    Google_Play_Protect.apk

  • Size

    3.3MB

  • MD5

    0e4f6a0903ba99d6595ba32ee172dad3

  • SHA1

    fae70fdbf2872e09860a1f875c36a9229d52d03f

  • SHA256

    e9d76237d04e6f4eb66425f26e6c8441effd2fbbc6cb29cd5d2a2605491c7502

  • SHA512

    ee541d58e4b5adf22ebd47bd6ff4cc944c2987ad6613a6f79850fe848925f9d803a32559f25f303ebcae199a7ab7eeb4bc65486522e027ffd1c3df4c9a0e0f3a

Malware Config

Extracted

Family

alienbot

C2

https://instagrambuyukprofil.com

Signatures

  • Alienbot

    Alienbot is a fork of the Cerberus Android banker, first seen in January 2020.

  • Loads dropped Dex/Jar 3 IoCs

    Runs an executable file dropped to the device during analysis.

  • Uses reflection 14 IoCs
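
The two signatures above can be approximated statically before a sample ever reaches a sandbox. The script below is an added example, not part of this report or of any sandbox vendor's code: it opens an APK as a zip, scans each classes*.dex for the Dalvik descriptors that dynamic DEX loading and reflection require, and returns a verdict mirroring "Loads dropped Dex/Jar" and "Uses reflection". The marker lists, the function names and the constructed sample zips are assumptions for illustration; a raw substring scan cannot tell where a call sits, so hits are leads to confirm by disassembly, not proof.

```python
"""Static triage heuristic for Android dynamic code loading and reflection.

Added example, not code from the sandbox report. It scans raw DEX bytes for
the descriptors the sample would need; it does not disassemble the DEX.
"""
import io
import re
import zipfile

# Descriptors as they appear in a DEX string table (constructed lists).
DYNAMIC_LOAD_MARKERS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/DexFile;",
)
REFLECTION_CLASS_MARKERS = (
    b"Ljava/lang/reflect/Method;",
    b"Ljava/lang/reflect/Field;",
)
REFLECTION_METHOD_NAMES = (b"forName", b"getDeclaredMethod", b"getMethod", b"invoke")

DEX_NAME = re.compile(r"^classes\d*\.dex$")
DEX_MAGIC = b"dex\n"


def count_markers(data: bytes, markers) -> dict:
    """Return {marker: count} for every marker that occurs in the blob."""
    counts = {m.decode(): data.count(m) for m in markers}
    return {k: v for k, v in counts.items() if v}


def scan_dex(data: bytes) -> dict:
    """Flag one DEX blob. Raw substring scan only, no disassembly."""
    if not data.startswith(DEX_MAGIC):
        raise ValueError("not a DEX file")
    load_hits = count_markers(data, DYNAMIC_LOAD_MARKERS)
    refl_cls = count_markers(data, REFLECTION_CLASS_MARKERS)
    refl_names = count_markers(data, REFLECTION_METHOD_NAMES)
    return {
        "loads_dex": bool(load_hits),
        # Require a reflect type AND a method name: bare "invoke" or
        # "getMethod" strings are common in benign code.
        "uses_reflection": bool(refl_cls) and bool(refl_names),
        "hits": {**load_hits, **refl_cls, **refl_names},
    }


def scan_apk(apk_bytes: bytes) -> dict:
    """Scan every classes*.dex inside an APK (a zip) and merge the verdicts."""
    result = {"dex_files": [], "loads_dex": False, "uses_reflection": False, "hits": {}}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if not DEX_NAME.match(name):
                continue
            verdict = scan_dex(zf.read(name))
            result["dex_files"].append(name)
            result["loads_dex"] |= verdict["loads_dex"]
            result["uses_reflection"] |= verdict["uses_reflection"]
            for marker, n in verdict["hits"].items():
                result["hits"][marker] = result["hits"].get(marker, 0) + n
    return result


def build_constructed_apk(strings) -> bytes:
    """Constructed stand-in for an APK: a zip whose classes.dex is the DEX
    magic followed by NUL-separated strings. Real DEX layout is not
    reproduced; it is only enough to exercise the substring scan above."""
    body = DEX_MAGIC + b"035\0" + b"\0".join(strings) + b"\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", body)
        zf.writestr("AndroidManifest.xml", b"<constructed/>")
    return buf.getvalue()


# Constructed samples: one that mimics a dropper, one that does not.
SUSPICIOUS_APK = build_constructed_apk([
    b"Ldalvik/system/DexClassLoader;", b"Ljava/lang/reflect/Method;",
    b"getDeclaredMethod", b"invoke", b"Lcom/example/Loader;",
])
BENIGN_APK = build_constructed_apk([b"Lcom/example/Main;", b"onCreate"])

if __name__ == "__main__":
    for label, apk in (("suspicious", SUSPICIOUS_APK), ("benign", BENIGN_APK)):
        print(label, scan_apk(apk))
```

Run it against a real sample with `scan_apk(open("Google_Play_Protect.apk", "rb").read())`; a positive "loads_dex" on a package that claims to be a system security component is the cue to pull the dropped DEX out of the sandbox run and look at what `dex2oat` was asked to compile.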

Processes

  • gun.scrub.end
    1⤵
    • Loads dropped Dex/Jar
    • Uses reflection
    PID:4987
    • gun.scrub.end
      2⤵
        PID:5011
      • /system/bin/dex2oat
        2⤵
        • Loads dropped Dex/Jar
        PID:5011

Network

MITRE ATT&CK Matrix