Analysis
-
max time kernel
4079554s -
max time network
145s -
platform
android_x86 -
resource
android-x86-arm -
submitted
13-02-2022 12:50
General
-
Target
4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a.apk
-
Size
1.5MB
-
MD5
8a7abefb0fc3b5f164a0179faccb8729
-
SHA1
2f84528d11e2107f273ef4ef1e4ec87d59c65509
-
SHA256
4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a
-
SHA512
81180721372166546a01de6781dd91401eb10fecd4ad736be0c33c54510cccca1d6e14bfac9585df3e07bfdf9e6574d753e0ba8365dbbfeed5b95623e2212809
Malware Config
Extracted
alienbot
http://oqpls.top
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Makes use of the framework's Accessibility service. 1 IoCs
-
Acquires the wake lock. 1 IoCs
-
Loads dropped Dex/Jar 3 IoCs
Runs executable file dropped to the device during analysis.
Processes
-
sfga.yyh.mgufpnpnxowplrotzbig1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
-
sfga.yyh.mgufpnpnxowplrotzbig2⤵
-
-
/system/bin/dex2oat2⤵
- Loads dropped Dex/Jar
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
b080bc187c738c04b57b5f93a9d4f11c
SHA1e426ea18283e6f8ead7b189b95e3308c42b9a15a
SHA2562fd814c669bd1943ce8e4f1f6b27f9cb309026333368b386e4e8f344c17b6db1
SHA512798b172ae69040fdee8abf641c356124a54c45f986a537d5bf710be527c850b2b5ead41b62325a4fe80740c7af6943d1e450fddb7553db755aa2718b7674a50d
-
MD5
7591e1ca2a0b68754a42d84e5d89a168
SHA1c614eb944fab759ab14b7a4df373c88a22b9022e
SHA25601c766ecca0a773bcec1c41eba6191fdca7d742698da32b8accfbdfad70f46f6
SHA51258beb2c17cf7e2e54bbe916230a0027ee1e98e939754d98e39840eccf3873d06146cf96a72a3065b19c2f9404c27540bb2fa2de566c88d8219c45e4e3768feab
-
MD5
b080bc187c738c04b57b5f93a9d4f11c
SHA1e426ea18283e6f8ead7b189b95e3308c42b9a15a
SHA2562fd814c669bd1943ce8e4f1f6b27f9cb309026333368b386e4e8f344c17b6db1
SHA512798b172ae69040fdee8abf641c356124a54c45f986a537d5bf710be527c850b2b5ead41b62325a4fe80740c7af6943d1e450fddb7553db755aa2718b7674a50d