alienbot | c2ea0cee960e500ffb9d7bb46d5a2272765dcf9afd55e4e933232c8d33d85295 | Triage

Analysis

max time kernel
2484636s
max time network
223s
platform
android_x64
resource
android-x64
submitted
07/12/2021, 08:52

Sharing

Report Analysis Logs

General

Target

bundle.apk
Size

1.8MB
MD5

6365e05d01abc00295d40826ffec8388
SHA1

87723c64205336b8d13859ceeb3be672d7a1f51c
SHA256

c2ea0cee960e500ffb9d7bb46d5a2272765dcf9afd55e4e933232c8d33d85295
SHA512

14807dfc9425c36469825c9bb44cd5faf965d903bda756e3fb7f01b7fe75d52fb0120e8ad412a3e6ea8a824d1944904bcc15771f915ab138355794bd65f16d01

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://fiftiforfrisend.quest

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fortune.symptom/app_DynamicOptDex/GaQsB.json	3681	com.fortune.symptom
/data/user/0/com.fortune.symptom/app_DynamicOptDex/GaQsB.json	3681	com.fortune.symptom

com.fortune.symptom
1⤵
- Loads dropped Dex/Jar
PID:3681
- com.fortune.symptom
  2⤵
  PID:3755

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads