Overview

overview

10

Static

static

7

4f1ff96fb5...5a.apk

android_x86

10

4f1ff96fb5...5a.apk

android_x64

10

4f1ff96fb5...5a.apk

android_x64

10

Analysis

  • max time kernel
    4079566s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-arm64
  • submitted
    13-02-2022 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a.apk

  • Size

    1.5MB

  • MD5

    8a7abefb0fc3b5f164a0179faccb8729

  • SHA1

    2f84528d11e2107f273ef4ef1e4ec87d59c65509

  • SHA256

    4f1ff96fb54960d94e96fd605460408ad65ad300ee479088d0e27cdda073db5a

  • SHA512

    81180721372166546a01de6781dd91401eb10fecd4ad736be0c33c54510cccca1d6e14bfac9585df3e07bfdf9e6574d753e0ba8365dbbfeed5b95623e2212809

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://oqpls.top

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • sfga.yyh.mgufpnpnxowplrotzbig
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5619
    • sfga.yyh.mgufpnpnxowplrotzbig
      2⤵
        PID:6229
      • sfga.yyh.mgufpnpnxowplrotzbig
        2⤵
          PID:6700
        • sfga.yyh.mgufpnpnxowplrotzbig
          2⤵
            PID:6734
          • sfga.yyh.mgufpnpnxowplrotzbig
            2⤵
              PID:6780
            • sfga.yyh.mgufpnpnxowplrotzbig
              2⤵
                PID:6806
              • sfga.yyh.mgufpnpnxowplrotzbig
                2⤵
                  PID:6839
                • sfga.yyh.mgufpnpnxowplrotzbig
                  2⤵
                    PID:6870

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/sfga.yyh.mgufpnpnxowplrotzbig/app_DynamicOptDex/lAsyd.json
                  MD5

                  b080bc187c738c04b57b5f93a9d4f11c

                  SHA1

                  e426ea18283e6f8ead7b189b95e3308c42b9a15a

                  SHA256

                  2fd814c669bd1943ce8e4f1f6b27f9cb309026333368b386e4e8f344c17b6db1

                  SHA512

                  798b172ae69040fdee8abf641c356124a54c45f986a537d5bf710be527c850b2b5ead41b62325a4fe80740c7af6943d1e450fddb7553db755aa2718b7674a50d

                  Download Submit

                • /data/user/0/sfga.yyh.mgufpnpnxowplrotzbig/app_DynamicOptDex/lAsyd.json
                  MD5

                  b080bc187c738c04b57b5f93a9d4f11c

                  SHA1

                  e426ea18283e6f8ead7b189b95e3308c42b9a15a

                  SHA256

                  2fd814c669bd1943ce8e4f1f6b27f9cb309026333368b386e4e8f344c17b6db1

                  SHA512

                  798b172ae69040fdee8abf641c356124a54c45f986a537d5bf710be527c850b2b5ead41b62325a4fe80740c7af6943d1e450fddb7553db755aa2718b7674a50d

                  Download Submit