alienbot | 3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc

Analysis

Target

3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc.apk
Size

2.2MB
MD5

619e6314d0bde9c2c516bb92c442c76f
SHA1

9a0ab0b8b33d4a8874741cf84e7c67737c3206db
SHA256

3830acc79c670cf20e30034226d1916a57d2dffd15215ce067cae116badbcdfc
SHA512

e21d974bee2aba7222e9c1c0d385051a73e2f8c1d65cebb32a15ac7fc60c8f5df2c397017b2366683ecf68a004a500704aacb039ab79cf4e436cca1be1041e36

Score

10^/10

Family

alienbot

http://selamolsunselam.tk

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.verify.flip

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.verify.flip

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.verify.flip

ioc	pid	Process
/data/user/0/com.verify.flip/app_DynamicOptDex/pmumdhR.json	6301	com.verify.flip

com.verify.flip
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6301
- com.verify.flip
  2⤵
  PID:6459
- getprop
  2⤵
  PID:6459
- com.verify.flip
  2⤵
  PID:6839

/data/user/0/com.verify.flip/app_DynamicOptDex/pmumdhR.json

MD5
5a47388f037ffe4ef1e2ed0c5a188ed7

SHA1
05e13656a33f2d002a109e66221cab32fea3275c

SHA256
c68ac253c53ddc7751221e46781aa5d5039365056cf4626c2a0fb79ffd8bfc27

SHA512
009db2f6784c35655e1321d73a207751d12957833d4b59e01da9765ae2d4c322a83c8291ad29c2a8c223c890b702bb23e5b2a7937eb2f796cd4703a157b7fed4

Download Submit