alienbot | 2462c1cb5990bd2790a70b9fcd3dd5df1ee74d264073fc449d09ff7fb1307d64 | Triage

Analysis

max time kernel
2118672s
max time network
219s
platform
android_x64
resource
android-x64-arm64
submitted
14/10/2021, 10:05

Sharing

Report Analysis Logs

General

Target

2462c1cb5990bd2790a70b9fcd3dd5df1ee74d264073fc449d09ff7fb1307d64.apk
Size

415KB
MD5

2ac3d49a4c491cdf6e93f2032b3e5a61
SHA1

a7fedc0a98df5b56a39461155919261e99a46dcc
SHA256

2462c1cb5990bd2790a70b9fcd3dd5df1ee74d264073fc449d09ff7fb1307d64
SHA512

3c12104ec697f6495d1575c992b4e703214f1fcca86cf70cebf3635a90ff459801d4abe2958d65be6cea5c7eb143af2b7592840032ec320c5bdd28104186f566

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://toklomenezfoget.net

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Checks Android system properties for emulator presence. 1 IoCs

description	ioc	Process
Accessed system property	key: ro.product.model	com.gkhsuezcqixnzxcb.xeuuazxubnt

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/product/app/TrichromeLibrary/TrichromeLibrary.apk	5434	com.gkhsuezcqixnzxcb.xeuuazxubnt
/product/app/TrichromeLibrary/TrichromeLibrary.apk	5434	com.gkhsuezcqixnzxcb.xeuuazxubnt

com.gkhsuezcqixnzxcb.xeuuazxubnt
1⤵
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
PID:5434

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads