Analysis

  • max time kernel
    502287s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    12-04-2022 13:17

General

  • Target

    0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31.apk

  • Size

    3.7MB

  • MD5

    6cf5d6abcc04d1d37c85df5dc543ba0e

  • SHA1

    a6256e0aa101fc07319f19d6908f174ed8d14f5f

  • SHA256

    0da75ac97f4ec8954a961c270bcbe75bd2671c65cf25db45540b70f1ff403e31

  • SHA512

    5d5f1d000d3ee111b01aa7df044357778c5701848a3672de6817c2cb3452843bc8408f7e31cca1f3321ced0c444f9e6425ca419ef03a397d5f12e4736d31d18a

Malware Config

Extracted

Family

alienbot

C2

http://cupboardg2irl3c.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Loads and runs code from a file written to the device during analysis (here the wU.json payload under app_DynamicOptDex, listed under Downloads).
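The first signature above rests on an Accessibility-service declaration in the APK manifest, which is also the cheapest thing to check statically before running a sample. The script below is an added example, not code from the sandbox, the report, or the sample: it parses a decoded AndroidManifest.xml and lists every service that is bound with BIND_ACCESSIBILITY_SERVICE or advertises the AccessibilityService intent action. The manifest is constructed to resemble what such a banker declares; the package name is the one from the process tree, but the service class names (.svc.A11y, .svc.Sync) are assumed.

```python
"""Static check for Accessibility-service declarations in a decoded AndroidManifest.xml.

Added example; not code from the sandbox, the report, or the sample itself. The
manifest below is constructed, and the service class names are assumed.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"
A11Y_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample manifest (shape of apktool/androguard output); not the sample's own.
SAMPLE_MANIFEST = f"""<manifest xmlns:android="{ANDROID_NS}" package="teach.report.crane">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="crane">
    <service android:name=".svc.A11y"
             android:permission="{BIND_A11Y}"
             android:exported="true">
      <intent-filter>
        <action android:name="{A11Y_ACTION}"/>
      </intent-filter>
      <meta-data android:name="android.accessibilityservice"
                 android:resource="@xml/a11y_config"/>
    </service>
    <service android:name=".svc.Sync" android:exported="false"/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, '' if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}", "")


def find_accessibility_services(manifest_xml: str) -> dict:
    """Return the package name and every service that is, or tries to be, an
    AccessibilityService: bound with BIND_ACCESSIBILITY_SERVICE and/or
    advertising the AccessibilityService intent action."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package", "")
    hits = []
    for svc in root.iter("service"):
        name = _attr(svc, "name")
        if name.startswith("."):          # short form is relative to the package
            name = pkg + name
        actions = {_attr(a, "name") for a in svc.iter("action")}
        bound = _attr(svc, "permission") == BIND_A11Y
        advertised = A11Y_ACTION in actions
        if bound or advertised:
            hits.append({
                "service": name,
                "bound_with_permission": bound,
                "has_accessibility_intent_filter": advertised,
                # The framework only binds accessibility services that require the
                # BIND permission, so a filter-only declaration cannot actually run.
                "bindable": bound and advertised,
            })
    return {"package": pkg, "accessibility_services": hits}


if __name__ == "__main__":
    import json
    print(json.dumps(find_accessibility_services(SAMPLE_MANIFEST), indent=2))
```

Run it against the manifest decoded from the APK (apktool or androguard both produce this text form) and compare the package name with the process name the sandbox reports; a service that is bound and advertised is the one the sample will ask the victim to enable.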

Processes

  • teach.report.crane
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:7056
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7165
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7281
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7340
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7376
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7414
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7470
    • getprop ro.miui.ui.version.name
      2⤵
      PID:7504

    All seven child processes read ro.miui.ui.version.name, the MIUI version property, i.e. the sample repeatedly checks whether it is running on a Xiaomi/MIUI device.

Network

MITRE ATT&CK Matrix


Downloads

  • /data/user/0/teach.report.crane/app_DynamicOptDex/oat/wU.json.cur.prof

    Filesize

    0 bytes (the digests below are those of empty input)

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • /data/user/0/teach.report.crane/app_DynamicOptDex/wU.json

    Filesize

    748KB

    MD5

    a290ecb1e4b9bbdb67049a4c1ed14e35

    SHA1

    efc9eabd8d9cd70cf33e8aaaa518d32e3b603731

    SHA256

    06f2f51c8298493c4d3dac8d814844f7bdd65eb6bc19ae5b085e8781ad7ccbfa

    SHA512

    4e8217c96ac549f33a7677fcd305317060059ed839175757d54d18429023a15a1a177b5d384c64e5bab9f1454a15c3af6e94faf9f22ebbc94b4a37289af1505d

  • /data/user/0/teach.report.crane/app_DynamicOptDex/wU.json (same path as above with different contents: the file was written a second time during the run)

    Filesize

    748KB

    MD5

    f81c8a8b9cc75b2b2f8867caac07fd37

    SHA1

    963a64c29b786a819808781fea2e1b7084025f4a

    SHA256

    ee69088103f41c9fcb20142cfe728630259ac499519c7c48a935c7a8fae88293

    SHA512

    ed034efaef74988e2e3afc8da5843f6bc97a147a21ec1058b7f0a829d1308ef234f110a7e3196567590477b2c040857986d7ff2ba0828ea2f5ae40adca8937e7
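Two things in the Downloads list deserve a check rather than a glance: the .cur.prof entry carries the digests of an empty file, and a 748KB payload named wU.json in an app_DynamicOptDex directory is the classic DexClassLoader drop, where the extension says nothing about the content. The helper below is an added example, not code from the sandbox or the report: it hashes each dropped file, recognises empty files by their digests, and classifies the content by magic bytes (DEX, ZIP/JAR, ELF) so that a .json payload is still reported as a dex. The file contents are constructed inline, since the page lists only the hashes of the real files; the paths are the ones from the report.

```python
"""Triage helper for files a sandbox reports as dropped: hash them, spot empty
files, and identify DEX/JAR/ELF payloads by magic regardless of extension.

Added example; not code from the report or the sandbox. The byte contents of
SAMPLES are constructed; only the paths are taken from the report.
"""
import hashlib

DEX_MAGIC = b"dex\n"        # "dex\n" + 3-digit version + NUL, e.g. b"dex\n035\0"
ZIP_MAGIC = b"PK\x03\x04"   # .jar/.apk containers also accepted by DexClassLoader
ELF_MAGIC = b"\x7fELF"      # native libraries dropped beside the dex

# SHA-256 of zero-length input; matches the .cur.prof entry in the report.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
CODE_EXTENSIONS = {"dex", "jar", "apk", "so", "odex", "zip"}


def _kind(data: bytes) -> str:
    """Classify content by magic bytes, not by file name."""
    if not data:
        return "empty"
    if data.startswith(DEX_MAGIC) and data[4:7].isdigit() and data[7:8] == b"\0":
        return "dex"
    if data.startswith(ZIP_MAGIC):
        return "zip/jar"
    if data.startswith(ELF_MAGIC):
        return "elf"
    return "unknown"


def classify(path: str, data: bytes) -> dict:
    """Hash one dropped file and flag the properties worth a second look."""
    basename = path.rsplit("/", 1)[-1]
    ext = basename.rsplit(".", 1)[-1].lower() if "." in basename else ""
    kind = _kind(data)
    return {
        "path": path,
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "kind": kind,
        # Code disguised under a data extension (.json, .prof, .txt ...).
        "extension_mismatch": kind in ("dex", "zip/jar", "elf") and ext not in CODE_EXTENSIONS,
        # Directory the sample uses as a DexClassLoader optimized-dex cache.
        "dynamic_dex_dir": "/app_DynamicOptDex/" in path,
    }


def triage(samples: dict) -> list:
    """Classify every (path -> bytes) pair, preserving the report's order."""
    return [classify(path, data) for path, data in samples.items()]


# Constructed contents for the two paths in the report (not the real file bytes):
SAMPLES = {
    "/data/user/0/teach.report.crane/app_DynamicOptDex/oat/wU.json.cur.prof": b"",
    "/data/user/0/teach.report.crane/app_DynamicOptDex/wU.json": b"dex\n035\0" + b"\0" * 104,
}

if __name__ == "__main__":
    for entry in triage(SAMPLES):
        flags = [k for k in ("extension_mismatch", "dynamic_dex_dir") if entry[k]]
        print(f'{entry["kind"]:8} {entry["size"]:>8}  {entry["sha256"][:16]}...  '
              f'{entry["path"]}  {" ".join(flags)}')
```

When the same path appears twice with different digests, as wU.json does above, hash the file at both points in time (for instance from the sandbox's file capture) and classify each: a first write that is "unknown" followed by one that is "dex" is the decrypt-in-place pattern, and the later hash is the one to pivot on.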