General

  • Target

    a3a285cdfb69e2ba600df8cc9d028737e335d96d48b2083792f393010d59107e

  • Size

    2.2MB

  • Sample

    220213-p21nwaaaa2

  • MD5

    39392493077871e1e469432bb84039ad

  • SHA1

    5d474edd1f501380c31b7bcbe00eb58617a3337e

  • SHA256

    a3a285cdfb69e2ba600df8cc9d028737e335d96d48b2083792f393010d59107e

  • SHA512

    a6aa5c3d60f3445c14e90be83448379f3659a7f6a6720dcf88d23efba4b945bc7ae23d3ea827a8e0d4ef59a206717b9e157fab67589c07d605270db6eae5572c

Malware Config

Extracted

Family

alienbot

C2

http://217.8.117.30

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.
