Analysis

  • max time kernel: 4079400s
  • max time network: 173s
  • platform: android_x64
  • resource: android-x64-arm64
  • submitted: 13-02-2022 12:49

General

  • Target: ba625262b247e4c79e729a83f53767c34fc0c25142eedbcc0e74f15d73c64090.apk
  • Size: 1.8MB
  • MD5: 7a33783b6908f03443d30643688d54c6
  • SHA1: ab2f85c703fa5e9ff59e28ecb0a621c06c29e530
  • SHA256: ba625262b247e4c79e729a83f53767c34fc0c25142eedbcc0e74f15d73c64090
  • SHA512: 9110f44761156e117c8ad66a728ecfe166f84f6d5c5bfcca977fa1c2aa244e0613faa057793be15b3a7fa162afd8255ba3f3aa8cd21dd9a6d248c882c9d52ca3

Malware Config

Extracted

  • Family: alienbot
  • C2: http://testedwwh.xyz

Signatures

  • Alienbot
    Alienbot is a fork of the Cerberus banker, first seen in January 2020.
  • Makes use of the framework's Accessibility service (1 IoC)
  • Loads dropped Dex/Jar (2 IoCs)
    Runs an executable file dropped to the device during analysis.

Processes

  • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 1, PID 5537)
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6234)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6740)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6780)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6811)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6854)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6890)
    • jbx.roagjksrlsxsmknhdrizttgrhs.fbf (depth 2, PID 6922)

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/jbx.roagjksrlsxsmknhdrizttgrhs.fbf/app_DynamicOptDex/baiFN.json
    MD5: 97e5b1a031761f8e6e738ddbc3e73d30
    SHA1: 172e280d5ac63bbdfbcbf93aac3f979a461e3769
    SHA256: bfac6923f972a412f9de2a67f1a5775b52d27555f4bb1cc92efdcd27e48b6280
    SHA512: 115c11c5524337b4327a6c4659a914f689a6bba99dd04fd7f191d406b42bff31fe1852a2766d42b29f09d7f38bbfb54bd6523f283e41882e26a6dcec68e8b65f