Overview

overview

10

Static

static

7

fe0498f516...1d.apk

android_x86

10

fe0498f516...1d.apk

android_x64

10

fe0498f516...1d.apk

android_x64

10

Analysis

  • max time kernel
    2733109s
  • max time network
    167s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    08/05/2022, 06:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe0498f516cc9946f94d9e50ccbf0a9347cf3e5d97a9d7e9f3b2f3cf9ea6b61d.apk

  • Size

    2.6MB

  • MD5

    b275484a89980f299a245b93f21e1a3d

  • SHA1

    b4219642cdfe7cae29f1edab80585732509671a0

  • SHA256

    fe0498f516cc9946f94d9e50ccbf0a9347cf3e5d97a9d7e9f3b2f3cf9ea6b61d

  • SHA512

    80902cb35901941a5d0aaa514dd7b6a5b264f396265ef91eed02d82c6db0392b437ca77b7d929f676f38ebbc95ddb14815e6d6fb63020cd2d26142a7f9c2c7e8

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://fijora.top/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • rnluke.mxedxs.omjjxnwp
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6718
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6834
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6944
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6994
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7045
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7083
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7117
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7153

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/rnluke.mxedxs.omjjxnwp/app_DynamicOptDex/JNR.json
                  Filesize

                  771KB

                  MD5

                  8cc6ee09656003b57dc99e7927593d99

                  SHA1

                  cf1deb1a1dab9104f1c6376390ca3600eb7aa617

                  SHA256

                  b22e5b8abf20f948cd0adb1439587dfbe6f878cd5c139bd9c90ce5e31c65ba5a

                  SHA512

                  611bf6d68a48789d9e6e8bbd6e4e1b30b04ac2cb2af0d70e86f6ae4400dc5f6f146316c51495c94579159d6f8ef234bb7ab0dfebc14c6d4081b0f7029cf3eb10

                  Download Submit

                • /data/user/0/rnluke.mxedxs.omjjxnwp/app_DynamicOptDex/JNR.json
                  Filesize

                  771KB

                  MD5

                  2e11e5c6640713acd4e6b080a2fea155

                  SHA1

                  b5fea1163d4d977317abf997d19a2f756adacb22

                  SHA256

                  361f6cc33f42f700b2a6f48de00180be91b712c0bfeced24d979a928a7fb2d5a

                  SHA512

                  a186af9693f06c403eb36ddeddce40c6f299596bdcb26b3b4475dc8fea2db3526eab3d98d1f8edcbe002cc912d51936eed271882ac5b28dfd866537dc9a87255

                  Download Submit

                • /data/user/0/rnluke.mxedxs.omjjxnwp/app_DynamicOptDex/JNR.json
                  Filesize

                  771KB

                  MD5

                  2e11e5c6640713acd4e6b080a2fea155

                  SHA1

                  b5fea1163d4d977317abf997d19a2f756adacb22

                  SHA256

                  361f6cc33f42f700b2a6f48de00180be91b712c0bfeced24d979a928a7fb2d5a

                  SHA512

                  a186af9693f06c403eb36ddeddce40c6f299596bdcb26b3b4475dc8fea2db3526eab3d98d1f8edcbe002cc912d51936eed271882ac5b28dfd866537dc9a87255

                  Download Submit