Resubmissions
20-03-2022 22:30
220320-2e69csgffl 1010-03-2022 18:07
220310-wqcw1achbm 1010-03-2022 17:34
220310-v5qkzahdf7 710-03-2022 17:12
220310-vq77gahca6 710-03-2022 16:14
220310-tp5jhsbham 710-03-2022 16:02
220310-tgwawabggk 10Analysis
-
max time kernel
1955844s -
max time network
171s -
platform
android_x64 -
resource
android-x64-arm64 -
submitted
10-03-2022 16:02
General
-
Target
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850.apk
-
Size
2.4MB
-
MD5
e39505e65aec6835f680c902e1c8f7d8
-
SHA1
8b2984b8838067903ee3ff95d8a6823106216296
-
SHA256
2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850
-
SHA512
19911ed73419450a03ad541f7164a5db05a93e2c63d894ab79fdc50409d77696bdc203155640361d5f12de1929f234d5b2da84ebf4c59306876d725221310887
Malware Config
Extracted
xenomorph
simpleyo5.tk
simpleyo5.cf
kart12sec.ga
kart12sec.gq
Extracted
xenomorph
- resources
Signatures
-
Xenomorph
Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.
-
Makes use of the framework's Accessibility service. 1 IoCs
-
Checks Android system properties for emulator presence. 1 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
Processes
-
com.spike.old1⤵
- Makes use of the framework's Accessibility service.
- Checks Android system properties for emulator presence.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
fde08886038bffc5923fa098cd55d0cd
SHA1d6f8dbbdd2ded86081cb81e690f5402552ee5345
SHA256dae52bbee7f709fae9d91e06229c35b46d4559677f26152d4327fc1601d181be
SHA51293b05624b145e56e081e0771b1ec635df4cf6109087abc67dabe7055ef745003109047370fd42bab83424b7ee396fc6116419f4c255bbd1a794ec558fa7a9091