alienbot | 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31

Analysis

max time kernel
407154s
max time network
166s
platform
android_x64
resource
android-x64-20220310-en
submitted
11-04-2022 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk
Size

3.7MB
MD5

6cf5d6abcc04d1d37c85df5dc543ba0e
SHA1

a6256e0aa101fc07319f19d6908f174ed8d14f5f
SHA256

0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31
SHA512

5d5f1d000d3ee111b01aa7df044357778c5701848a3672de6817c2cb3452843bc8408f7e31cca1f3321ced0c444f9e6425ca419ef03a397d5f12e4736d31d18a

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://cupboardg2irl3c.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

teach.report.crane

ioc	pid	Process
/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json	6301	teach.report.crane
/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json	6301	teach.report.crane

teach.report.crane
1⤵
- Loads dropped Dex/Jar
PID:6301
- getprop ro.miui.ui.version.name
  2⤵
  PID:6435
- getprop ro.miui.ui.version.name
  2⤵
  PID:6521
- getprop ro.miui.ui.version.name
  2⤵
  PID:6582
- getprop ro.miui.ui.version.name
  2⤵
  PID:6611
- getprop ro.miui.ui.version.name
  2⤵
  PID:6666
- getprop ro.miui.ui.version.name
  2⤵
  PID:6710

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/teach.report.crane/app_DynamicOptDex/oat/wU.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json

Filesize
748KB

MD5
a290ecb1e4b9bbdb67049a4c1ed14e35

SHA1
efc9eabd8d9cd70cf33e8aaaa518d32e3b603731

SHA256
06f2f51c8298493c4d3dac8d814844f7bdd65eb6bc19ae5b085e8781ad7ccbfa

SHA512
4e8217c96ac549f33a7677fcd305317060059ed839175757d54d18429023a15a1a177b5d384c64e5bab9f1454a15c3af6e94faf9f22ebbc94b4a37289af1505d

Download Submit
/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json

Filesize
748KB

MD5
f81c8a8b9cc75b2b2f8867caac07fd37

SHA1
963a64c29b786a819808781fea2e1b7084025f4a

SHA256
ee69088103f41c9fcb20142cfe728630259ac499519c7c48a935c7a8fae88293

SHA512
ed034efaef74988e2e3afc8da5843f6bc97a147a21ec1058b7f0a829d1308ef234f110a7e3196567590477b2c040857986d7ff2ba0828ea2f5ae40adca8937e7

Download Submit
/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json

Filesize
748KB

MD5
f81c8a8b9cc75b2b2f8867caac07fd37

SHA1
963a64c29b786a819808781fea2e1b7084025f4a

SHA256
ee69088103f41c9fcb20142cfe728630259ac499519c7c48a935c7a8fae88293

SHA512
ed034efaef74988e2e3afc8da5843f6bc97a147a21ec1058b7f0a829d1308ef234f110a7e3196567590477b2c040857986d7ff2ba0828ea2f5ae40adca8937e7

Download Submit