Overview

overview

10

Static

static

7

afdcf9e488...fd.apk

android_x86

10

afdcf9e488...fd.apk

android_x64

10

afdcf9e488...fd.apk

android_x64

10

Analysis

  • max time kernel
    167529s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    08-04-2022 16:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd.apk

  • Size

    1.9MB

  • MD5

    4676030b254286ce7fe7501e7eafd31f

  • SHA1

    04283f5d707b86cf097178fdf09a64a6623467f6

  • SHA256

    afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd

  • SHA512

    bd71d384c257595f4fc881c57b8a955bfed62cf8a765bb028e109fcbcaa5bfe4a6a1e032877216d73d6c19e57323b1aca460a58027733c961850af35b5c1d192

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://adsdsadsalifsa.digital

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.pull.people
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:6968
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7084
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7212

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/com.pull.people/app_DynamicOptDex/oat/rpO.json.cur.prof
        MD5

        d41d8cd98f00b204e9800998ecf8427e

        SHA1

        da39a3ee5e6b4b0d3255bfef95601890afd80709

        SHA256

        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        SHA512

        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        Download Submit

      • /data/user/0/com.pull.people/app_DynamicOptDex/rpO.json
        Filesize

        238KB

        MD5

        7499213fe33df9ab281fbde82df166f4

        SHA1

        d5984db8ec75f91f6427a8d19d6f8a2f9c2d9841

        SHA256

        2335773ddcfe28b88f604397c905072f2b61e90251cf95a9f2f84aa4ded9e054

        SHA512

        65e4dba8902d03d15e6b8482b22f7de2bf77edf714c5c0e179330ef6ad345c7c3962a0893d1f9ff40e55480e269f4cd42e4afaed8928580b2c25459b7220473e

        Download Submit

      • /data/user/0/com.pull.people/app_DynamicOptDex/rpO.json
        Filesize

        483KB

        MD5

        f4d8edec131cef598ad563dd645af79a

        SHA1

        104580d35d00f187346c5319cbe1b29f9104740c

        SHA256

        a67b615cfb7b24b0066e05b6a7b84e577566688c0d2a1e53166cf7a72a3a2452

        SHA512

        afee67953f0f9dae370a51b764abc996a0dc095ba42ad37479d910d9d2076fbf0056116c616154268f4cc8e51b4d4f0ee907cc01a6820ae1b321d7e1bc71ac8e

        Download Submit