Overview

overview

10

Static

static

7

afdcf9e488...fd.apk

android_x86

10

afdcf9e488...fd.apk

android_x64

10

afdcf9e488...fd.apk

android_x64

10

Analysis

  • max time kernel
    167514s
  • max time network
    150s
  • platform
    android_x64
  • resource
    android-x64-20220310-en
  • submitted
    08-04-2022 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd.apk

  • Size

    1.9MB

  • MD5

    4676030b254286ce7fe7501e7eafd31f

  • SHA1

    04283f5d707b86cf097178fdf09a64a6623467f6

  • SHA256

    afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd

  • SHA512

    bd71d384c257595f4fc881c57b8a955bfed62cf8a765bb028e109fcbcaa5bfe4a6a1e032877216d73d6c19e57323b1aca460a58027733c961850af35b5c1d192

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://adsdsadsalifsa.digital

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.pull.people
    1⤵
    • Loads dropped Dex/Jar
    PID:6302
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6429
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6517
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6588
          • getprop ro.miui.ui.version.name
            2⤵
              PID:6625
            • getprop ro.miui.ui.version.name
              2⤵
                PID:6669
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:6719
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:6765

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/com.pull.people/app_DynamicOptDex/oat/rpO.json.cur.prof
                  MD5

                  d41d8cd98f00b204e9800998ecf8427e

                  SHA1

                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                  SHA256

                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                  SHA512

                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                  Download Submit

                • /data/user/0/com.pull.people/app_DynamicOptDex/rpO.json
                  Filesize

                  238KB

                  MD5

                  7499213fe33df9ab281fbde82df166f4

                  SHA1

                  d5984db8ec75f91f6427a8d19d6f8a2f9c2d9841

                  SHA256

                  2335773ddcfe28b88f604397c905072f2b61e90251cf95a9f2f84aa4ded9e054

                  SHA512

                  65e4dba8902d03d15e6b8482b22f7de2bf77edf714c5c0e179330ef6ad345c7c3962a0893d1f9ff40e55480e269f4cd42e4afaed8928580b2c25459b7220473e

                  Download Submit

                • /data/user/0/com.pull.people/app_DynamicOptDex/rpO.json
                  Filesize

                  483KB

                  MD5

                  f4d8edec131cef598ad563dd645af79a

                  SHA1

                  104580d35d00f187346c5319cbe1b29f9104740c

                  SHA256

                  a67b615cfb7b24b0066e05b6a7b84e577566688c0d2a1e53166cf7a72a3a2452

                  SHA512

                  afee67953f0f9dae370a51b764abc996a0dc095ba42ad37479d910d9d2076fbf0056116c616154268f4cc8e51b4d4f0ee907cc01a6820ae1b321d7e1bc71ac8e

                  Download Submit