alienbot | df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb

Analysis

Target

df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb.apk
Size

2.3MB
MD5

e747bf2176196039fe2d4c4554728a8f
SHA1

adc8aca22e30c546ee0efc6cbe2340ff2cc3329c
SHA256

df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb
SHA512

e0660af3b33062964137c568e589ef8a26147c0ca83eb40afd0e57e0f296fc0fe8c8dd5fdb66a5fe2eac8a5e40518f4da796721919829eee0611a46bccb6e68f

Score

10^/10

Family

alienbot

http://tifoumiz.com

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/system/bin/dex2oat

ioc	pid	Process
/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json	4900	aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json	4954	/system/bin/dex2oat
/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json	4900	aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep

aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:4900
- aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
  2⤵
  PID:4954
- /system/bin/dex2oat
  2⤵
  - Loads dropped Dex/Jar
  PID:4954

/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json

MD5
c602762d7c0114dcfdb95752b22bb926

SHA1
7439ccb5706b23ba66456096264777d311ad1b60

SHA256
b5babbca89c0565bb4bfe32af80e998a28f39e40590221f7a8fdda104a517710

SHA512
c56693c7b5a3a1695aaeab3493313628bf6e178353aac57131c3fb23a6394f95abdbbb7114a0c5c8fccf35df9b96089926d2bacbd21db39cf50b0f8bd330fa53

Download Submit
/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json

MD5
a76cb69da59a45bf7e7ebbb22621eb3b

SHA1
9e7381724a289ddad9d1e334b9c58e075a32c9ff

SHA256
c9446360fd0383cffe64a8090c0450d5e501e0e6d4611f28446233d6847b0761

SHA512
74d060f55fb7af42ebb0a88eb7e267d52a50a665f6f7409bef888d9f9188293778cf9c2160b2a85d4fbd51592c00dfd237a729e54ebe4f7ef0d6ced391e8cf34

Download Submit
/data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json

MD5
c602762d7c0114dcfdb95752b22bb926

SHA1
7439ccb5706b23ba66456096264777d311ad1b60

SHA256
b5babbca89c0565bb4bfe32af80e998a28f39e40590221f7a8fdda104a517710

SHA512
c56693c7b5a3a1695aaeab3493313628bf6e178353aac57131c3fb23a6394f95abdbbb7114a0c5c8fccf35df9b96089926d2bacbd21db39cf50b0f8bd330fa53

Download Submit