Analysis

max time kernel: 407158s
max time network: 155s
platform: android_x64
resource: android-x64-arm64-20220310-en
submitted: 11-04-2022 10:50
Static task: static1

Behavioral task: behavioral1
  Sample: 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk
  Resource: android-x86-arm-20220310-en

Behavioral task: behavioral2
  Sample: 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk
  Resource: android-x64-20220310-en

Behavioral task: behavioral3
  Sample: 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk
  Resource: android-x64-arm64-20220310-en
General

Target: 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk
Size: 3.7MB
MD5: 6cf5d6abcc04d1d37c85df5dc543ba0e
SHA1: a6256e0aa101fc07319f19d6908f174ed8d14f5f
SHA256: 0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31
SHA512: 5d5f1d000d3ee111b01aa7df044357778c5701848a3672de6817c2cb3452843bc8408f7e31cca1f3321ced0c444f9e6425ca419ef03a397d5f12e4736d31d18a
Malware Config

Extracted family: alienbot
Extracted URL: http://cupboardg2irl3c.com
Signatures

Alienbot
Alienbot is a fork of the Cerberus banker, first seen in January 2020.

Makes use of the framework's Accessibility service (2 IoCs)
Processes:
  description             ioc                                                                                                      Process
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId  teach.report.crane
  Framework service call  android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId           teach.report.crane

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
Processes:
  ioc                                                         pid   Process
  /data/user/0/teach.report.crane/app_DynamicOptDex/wU.json   5842  teach.report.crane
  /data/user/0/teach.report.crane/app_DynamicOptDex/wU.json   5842  teach.report.crane
Processes

teach.report.crane (PID: 5842)
  Signatures: Makes use of the framework's Accessibility service; Loads dropped Dex/Jar
  Child processes:
    getprop ro.miui.ui.version.name (PID: 5961)
    getprop ro.miui.ui.version.name (PID: 6062)
    getprop ro.miui.ui.version.name (PID: 6209)
    getprop ro.miui.ui.version.name (PID: 6273)
    getprop ro.miui.ui.version.name (PID: 6304)
    getprop ro.miui.ui.version.name (PID: 6346)
    getprop ro.miui.ui.version.name (PID: 6394)
Downloads

Filesize: (not listed; these are the hashes of an empty file)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Filesize: 748KB
MD5: a290ecb1e4b9bbdb67049a4c1ed14e35
SHA1: efc9eabd8d9cd70cf33e8aaaa518d32e3b603731
SHA256: 06f2f51c8298493c4d3dac8d814844f7bdd65eb6bc19ae5b085e8781ad7ccbfa
SHA512: 4e8217c96ac549f33a7677fcd305317060059ed839175757d54d18429023a15a1a177b5d384c64e5bab9f1454a15c3af6e94faf9f22ebbc94b4a37289af1505d

Filesize: 748KB
MD5: f81c8a8b9cc75b2b2f8867caac07fd37
SHA1: 963a64c29b786a819808781fea2e1b7084025f4a
SHA256: ee69088103f41c9fcb20142cfe728630259ac499519c7c48a935c7a8fae88293
SHA512: ed034efaef74988e2e3afc8da5843f6bc97a147a21ec1058b7f0a829d1308ef234f110a7e3196567590477b2c040857986d7ff2ba0828ea2f5ae40adca8937e7