Overview

overview

10

Static

static

7

1a182609a9...d1.apk

android_x86

10

1a182609a9...d1.apk

android_x64

10

1a182609a9...d1.apk

android_x64

10

Analysis

  • max time kernel
    2000215s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    29/04/2022, 21:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a182609a93ac4914b4abb1f932b18f25a192be3ef65cbd24f8737da3f8192d1.apk

  • Size

    1.0MB

  • MD5

    5c5ab562d16a0eb6d61ea924faa5e31a

  • SHA1

    9f26bb33eb7c75a7f84d18a849dbd5f1861aebda

  • SHA256

    1a182609a93ac4914b4abb1f932b18f25a192be3ef65cbd24f8737da3f8192d1

  • SHA512

    289623e38104fc059cec8be69e86e389fa30f235411ba16cb8d9552b4f6d17aedc1f6a03fe88bb1171d2bb9718577742c10d6c287b50b423e5f2438ee0cdc683

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://kyzpc.digital

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
    banker
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.shoe.ridge
    1⤵
    • Makes use of the framework's Accessibility service.
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:7079
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7219
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7331
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7385
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7429
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7477
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7514
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7578

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/com.shoe.ridge/app_DynamicOptDex/eu.json
                  Filesize

                  238KB

                  MD5

                  36d1a426c026e881f30ee22ee17fd955

                  SHA1

                  6fd0e843e39f068d475d7f64eef2d1234a948b3e

                  SHA256

                  f43bcc1d53a5881c8207d4c24ef94ffcbb374842286ad2a826d1878d0422c826

                  SHA512

                  81503b6d9a797f2388a9e12c5d0c90da5fa5b80e3a7cc506283cb7a94f5a8d6a44b7ee1c796d670c7e36cdbeec2777908295f6cfc32c0c783da0ffcf7c3d293c

                  Download Submit

                • /data/user/0/com.shoe.ridge/app_DynamicOptDex/eu.json
                  Filesize

                  483KB

                  MD5

                  1ec4e546aba631df1e49ed7f20a3961c

                  SHA1

                  b57bdb28521583d3d683942a9f3501b330b748e8

                  SHA256

                  704c359b7d68d98f67987d1ac6104d99d044814af9e019ef25045962482c04a7

                  SHA512

                  9e0796314d724c39e16c031e166379c30f7068bd22221f72f72b1392ff66bf6e0841b932839b875ab4c6536e52b88999f6ca30f591aee5c4727385509e475a4a

                  Download Submit

                • /data/user/0/com.shoe.ridge/app_apk/ring0.apk
                  Filesize

                  946KB

                  MD5

                  a73f108dc1b655252c7e45e5df04d4f6

                  SHA1

                  8459f380f7ef684e393c4408f7f4ee58c99147c4

                  SHA256

                  c34367f5395f513b8ee0dedcd5502aed69172e71004a80c1f896ca97e05f4f62

                  SHA512

                  8f84e47b367fb35a073a31cf41422edccbde99ee126cb37d2df0bddae5e8ca0f5df4d6221930548bfd216f583b2885485d764fd58f73d6a14b9a697b66c58dc4

                  Download Submit