alienbot | 3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc | Triage

Analysis

max time kernel
2421798s
max time network
219s
platform
android_x64
resource
android-x64
submitted
25-01-2022 08:23

Sharing

Report Analysis Logs

General

Target

3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc.apk
Size

2.2MB
MD5

619e6314d0bde9c2c516bb92c442c76f
SHA1

9a0ab0b8b33d4a8874741cf84e7c67737c3206db
SHA256

3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc
SHA512

e21d974bee2aba7222e9c1c0d385051a73e2f8c1d65cebb32a15ac7fc60c8f5df2c397017b2366683ecf68a004a500704aacb039ab79cf4e436cca1be1041e36

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://selamolsunselam.tk

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.verify.flip

ioc	pid	Process
/data/user/0/com.verify.flip/app_DynamicOptDex/pmumdhR.json	3858	com.verify.flip

com.verify.flip
1⤵
- Loads dropped Dex/Jar
PID:3858
- com.verify.flip
  2⤵
  PID:3930

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.verify.flip/app_DynamicOptDex/pmumdhR.json

MD5
5a47388f037ffe4ef1e2ed0c5a188ed7

SHA1
05e13656a33f2d002a109e66221cab32fea3275c

SHA256
c68ac253c53ddc7751221e46781aa5d5039365056cf4626c2a0fb79ffd8bfc27

SHA512
009db2f6784c35655e1321d73a207751d12957833d4b59e01da9765ae2d4c322a83c8291ad29c2a8c223c890b702bb23e5b2a7937eb2f796cd4703a157b7fed4

Download Submit