alienbot | a3a285cdfb69e2ba600df8cc9d028737e335d96d48b2083792f393010d59107e

Analysis

Target

a3a285cdfb69e2ba600df8cc9d028737e335d96d48b2083792f393010d59107e.apk
Size

2.2MB
MD5

39392493077871e1e469432bb84039ad
SHA1

5d474edd1f501380c31b7bcbe00eb58617a3337e
SHA256

a3a285cdfb69e2ba600df8cc9d028737e335d96d48b2083792f393010d59107e
SHA512

a6aa5c3d60f3445c14e90be83448379f3659a7f6a6720dcf88d23efba4b945bc7ae23d3ea827a8e0d4ef59a206717b9e157fab67589c07d605270db6eae5572c

Score

10^/10

Family

alienbot

http://217.8.117.30

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

com.gvluzgxhbpcq.xktgujarlepo

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.gvluzgxhbpcq.xktgujarlepo

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.gvluzgxhbpcq.xktgujarlepo

ioc	pid	Process
/data/user/0/com.gvluzgxhbpcq.xktgujarlepo/app_offline/yklwqoqpbt.jar	5611	com.gvluzgxhbpcq.xktgujarlepo

com.gvluzgxhbpcq.xktgujarlepo
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5611
- com.gvluzgxhbpcq.xktgujarlepo
  2⤵
  PID:6182
- com.gvluzgxhbpcq.xktgujarlepo
  2⤵
  PID:6752
- com.gvluzgxhbpcq.xktgujarlepo
  2⤵
  PID:6783
- com.gvluzgxhbpcq.xktgujarlepo
  2⤵
  PID:6828
- com.gvluzgxhbpcq.xktgujarlepo
  2⤵
  PID:6855

/data/user/0/com.gvluzgxhbpcq.xktgujarlepo/app_offline/yklwqoqpbt.jar

MD5
2eb0adea0963df0bf7cd66321614e443

SHA1
c3e3a298f04efdda9a6652be6ee5a3acbbb1ba67

SHA256
b0ed6949ef8dcec22c7007de38ecb1a6d84a1c8f8fb8da9f2020373163363fae

SHA512
c7996a61f3308ad1756e9e1cac321dd7a22a1bd275fb042cbb233105d57c1e30216eaf21a4891c105e05f305acbc5a889673b4c4be6b3857f0442afc960b708e

Download Submit