General

  • Target

    df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb

  • Size

    2.3MB

  • Sample

    220213-p2pllscacq

  • MD5

    e747bf2176196039fe2d4c4554728a8f

  • SHA1

    adc8aca22e30c546ee0efc6cbe2340ff2cc3329c

  • SHA256

    df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb

  • SHA512

    e0660af3b33062964137c568e589ef8a26147c0ca83eb40afd0e57e0f296fc0fe8c8dd5fdb66a5fe2eac8a5e40518f4da796721919829eee0611a46bccb6e68f

Malware Config

Extracted

Family

alienbot

C2

http://tifoumiz.com

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.
