Overview

overview

10

Static

static

7

df77910503...db.apk

android_x86

10

df77910503...db.apk

android_x64

10

df77910503...db.apk

android_x64

10

Analysis

  • max time kernel
    4079211s
  • max time network
    142s
  • platform
    android_x64
  • resource
    android-x64
  • submitted
    13-02-2022 12:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb.apk

  • Size

    2.3MB

  • MD5

    e747bf2176196039fe2d4c4554728a8f

  • SHA1

    adc8aca22e30c546ee0efc6cbe2340ff2cc3329c

  • SHA256

    df77910503d7fefae3915bb372455575e335b33e6a6f82f7cf8f5957c68daadb

  • SHA512

    e0660af3b33062964137c568e589ef8a26147c0ca83eb40afd0e57e0f296fc0fe8c8dd5fdb66a5fe2eac8a5e40518f4da796721919829eee0611a46bccb6e68f

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://tifoumiz.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Checks Qemu related system properties. 1 IoCs

    Checks for Android system properties related to Qemu for Emulator detection.

  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
    1⤵
    • Checks Qemu related system properties.
    • Loads dropped Dex/Jar
    PID:3846
    • aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
      2⤵
        PID:3918
      • getprop
        2⤵
          PID:3918
        • aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
          2⤵
            PID:3965
          • getprop
            2⤵
              PID:3965
            • aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
              2⤵
                PID:4002
              • getprop
                2⤵
                  PID:4002
                • aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep
                  2⤵
                    PID:4023
                  • getprop
                    2⤵
                      PID:4023

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json
                    MD5

                    c602762d7c0114dcfdb95752b22bb926

                    SHA1

                    7439ccb5706b23ba66456096264777d311ad1b60

                    SHA256

                    b5babbca89c0565bb4bfe32af80e998a28f39e40590221f7a8fdda104a517710

                    SHA512

                    c56693c7b5a3a1695aaeab3493313628bf6e178353aac57131c3fb23a6394f95abdbbb7114a0c5c8fccf35df9b96089926d2bacbd21db39cf50b0f8bd330fa53

                    Download Submit

                  • /data/user/0/aciewtjnxbkcdxzhoabso.yhsxudbuwodnudkkrda.frlxqjezpmuisep/app_DynamicOptDex/SmJXMZo.json
                    MD5

                    c602762d7c0114dcfdb95752b22bb926

                    SHA1

                    7439ccb5706b23ba66456096264777d311ad1b60

                    SHA256

                    b5babbca89c0565bb4bfe32af80e998a28f39e40590221f7a8fdda104a517710

                    SHA512

                    c56693c7b5a3a1695aaeab3493313628bf6e178353aac57131c3fb23a6394f95abdbbb7114a0c5c8fccf35df9b96089926d2bacbd21db39cf50b0f8bd330fa53

                    Download Submit