Analysis

  • max time kernel
    4079545s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    13-02-2022 12:50

General

  • Target

    4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a.apk

  • Size

    1.5MB

  • MD5

    8a7abefb0fc3b5f164a0179faccb8729

  • SHA1

    2f84528d11e2107f273ef4ef1e4ec87d59c65509

  • SHA256

    4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a

  • SHA512

    81180721372166546a01de6781dd91401eb10fecd4ad736be0c33c54510cccca1d6e14bfac9585df3e07bfdf9e6574d753e0ba8365dbbfeed5b95623e2212809

Malware Config

Extracted

Family

alienbot

C2

http://oqpls.top

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Checks Qemu related system properties. 1 IoC

    Checks for Android system properties related to Qemu for Emulator detection.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • sfga.yyh.mgufpnpnxowplrotzbig
    1⤵
    • Checks Qemu related system properties.
    • Loads dropped Dex/Jar
    PID:3809
    • sfga.yyh.mgufpnpnxowplrotzbig
      2⤵
      PID:3887
    • getprop
      2⤵
      PID:3887
    • sfga.yyh.mgufpnpnxowplrotzbig
      2⤵
      PID:3938
    • getprop
      2⤵
      PID:3938

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/sfga.yyh.mgufpnpnxowplrotzbig/app_DynamicOptDex/lAsyd.json

    MD5

    b080bc187c738c04b57b5f93a9d4f11c

    SHA1

    e426ea18283e6f8ead7b189b95e3308c42b9a15a

    SHA256

    2fd814c669bd1943ce8e4f1f6b27f9cb309026333368b386e4e8f344c17b6db1

    SHA512

    798b172ae69040fdee8abf641c356124a54c45f986a537d5bf710be527c850b2b5ead41b62325a4fe80740c7af6943d1e450fddb7553db755aa2718b7674a50d