alienbot | f2712d1ccadb309f2b482fd2f7118be4707423f8374dd9dfa56dcdda60819ad4 | Triage

Analysis

max time kernel
3370831s
max time network
189s
platform
android_x64
resource
android-x64
submitted
05/02/2022, 08:05

Sharing

Report Analysis Logs

General

Target

f2712d1ccadb309f2b482fd2f7118be4707423f8374dd9dfa56dcdda60819ad4.apk
Size

1.2MB
MD5

d0ee960194950078ba2ef14203557ccd
SHA1

9fa0428cc7b57e9a6c5a110cd0e18a8e13790808
SHA256

f2712d1ccadb309f2b482fd2f7118be4707423f8374dd9dfa56dcdda60819ad4
SHA512

35c5b5155265bff2d03bd9cb4eb9ad365c23bc967dcafdd8f9b439738182908ad566098468ca0bb8442173d1ac7122624da07e110544a702715535c6a1b86451

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://xancc4fp.online

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg/app_DynamicOptDex/fyrLYM.json	3800	iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg
/data/user/0/iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg/app_DynamicOptDex/fyrLYM.json	3800	iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg

iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg
1⤵
- Loads dropped Dex/Jar
PID:3800
- iawhmkptxbtiwoapxkxq.fsxdcqouxqgrqewwnpkuyxjsnsx.myaybhjxsrmfkzmbqomrhdhwqxg
  2⤵
  PID:3873

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads