General

  • Target

    342a9f13097e57efc2324b1db53f77b058c3734d51448c497f543ad003201555

  • Size

    2.2MB

  • Sample

    220213-p3atvacadk

  • MD5

    d19df565e9c5d661b8bfbc6283936f75

  • SHA1

    d5fb04491de0eb596bb9ec01dd5b271d72bae87b

  • SHA256

    342a9f13097e57efc2324b1db53f77b058c3734d51448c497f543ad003201555

  • SHA512

    624369a6aa2cdebf68d53691bcf843bfd7b96ead86096a850772f4d953fa87b998f11d2e21d7401952ce8fcfd686bfde4b8f87dd1fb356808cd1199ea804d4fd

Malware Config

Extracted

Family

alienbot

C2

http://xasmascon771.icu

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Checks Qemu related system properties.

      Checks for Android system properties related to Qemu for Emulator detection.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.
