Overview

overview

10

Static

static

7

2877b27f1b...50.apk

android_x64

10

Resubmissions

20-03-2022 22:30

220320-2e69csgffl 10

10-03-2022 18:07

220310-wqcw1achbm 10

10-03-2022 17:34

220310-v5qkzahdf7 7

10-03-2022 17:12

220310-vq77gahca6 7

10-03-2022 16:14

220310-tp5jhsbham 7

10-03-2022 16:02

220310-tgwawabggk 10

Analysis

  • max time kernel
    2843151s
  • max time network
    173s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    20-03-2022 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850.apk

  • Size

    2.4MB

  • MD5

    e39505e65aec6835f680c902e1c8f7d8

  • SHA1

    8b2984b8838067903ee3ff95d8a6823106216296

  • SHA256

    2877b27f1b6c7db466351618dda4f05d6a15e9a26028f3fc064fa144ec3a1850

  • SHA512

    19911ed73419450a03ad541f7164a5db05a93e2c63d894ab79fdc50409d77696bdc203155640361d5f12de1929f234d5b2da84ebf4c59306876d725221310887

Score
10/10
xenomorphbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

xenomorph

C2

simpleyo5.tk

simpleyo5.cf

kart12sec.ga

kart12sec.gq

Extracted

Family

xenomorph

Attributes
  • PackageNames

    com.android.vending

    com.google.android.gm

  • URLs

    https://homeandofficedeal.com/local/multi/com.android.vending.html

    https://homeandofficedeal.com/local/multi/com.google.android.gm.html

AES_key
AES_key
AES_key

Signatures

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.

    bankertrojaninfostealerxenomorph
  • Makes use of the framework's Accessibility service. 1 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.spike.old
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:7186

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads