alienbot | 31daa74d08d4f1f6c23d5b7605063f0f6b9573eeced542a3a0e6cbe239b99877

Analysis

max time kernel
2848204s
max time network
112s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
09/05/2022, 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07b7d933b0581bc77e6660c119ae9c64ac4585e5f84cd591bf9ec17bd556ac78.apk
Size

990KB
MD5

6fb8f86facfd8c471261e9fd1a7c613a
SHA1

7aca181d99022dbe3bf15c0e90404d0d30a0e9b2
SHA256

07b7d933b0581bc77e6660c119ae9c64ac4585e5f84cd591bf9ec17bd556ac78
SHA512

fde7be9cbcdd1d99072bea1bfc2a8d3c144eb89f4e19880dce3a4917856db52c4f2b160f19ec91f031c715243d9fb7225eb6a1a1928566f9c61c322071010d9b

Score

10^/10

alienbot banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

http://bugunsensensensin.digital

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.orange.target
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.orange.target

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.orange.target

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.orange.target/app_DynamicOptDex/btM.json	5328	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.orange.target/app_DynamicOptDex/btM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.orange.target/app_DynamicOptDex/oat/x86/btM.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.orange.target/app_DynamicOptDex/btM.json	5293	com.orange.target

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.orange.target

com.orange.target
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:5293
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.orange.target/app_DynamicOptDex/btM.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.orange.target/app_DynamicOptDex/oat/x86/btM.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:5328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.orange.target/app_DynamicOptDex/btM.json

Filesize
238KB

MD5
d920fffc7faf74371684dc90e72e8506

SHA1
7e5aadd36658abc568230e35132970d3f1b664b8

SHA256
ff4001d2ef21cac148360c855849bd9c3d77ff63b5bcebcdee7753c10ef972f1

SHA512
59e9fc2b8b0a6149e28e01c7832ea5392fc8b1046dd60a658565b0a7bd8908bfc0d6cca845d50012bb2aaee00368d88c241d84e40cd795ba6fab19c380ec200f

Download Submit
/data/user/0/com.orange.target/app_DynamicOptDex/btM.json

Filesize
483KB

MD5
b287942f31fbaff20126ba7836ba5023

SHA1
a8fb87d356c502da33b6aed523dbf7cf72c36358

SHA256
e02cb2dc5e1906753939ba641de5d5015c41996eadce49c88f427ae9c11080b9

SHA512
7e0003ade79c3f81385e5fb06ae321d0dcb837c7ff40147b681511926732ddc6a7f10c3ff49d2887cf97cde50a10567e0a1344678acccbdd0afefcad1e2d3291

Download Submit
/data/user/0/com.orange.target/app_DynamicOptDex/btM.json

Filesize
483KB

MD5
721a56f18bf13ebf88de4c14e6a9921a

SHA1
73462a2cf8e0f3c515ff8d15247df794663ca8db

SHA256
bbcacd9229771551a6bcfa64d32a7b1418c301ad27c72cd92a2d5f5f378a132a

SHA512
26d027e8ce67de67927fa66dccd39aab6ad589d01cdcd3c7efddab47cd9cce54b621a33a3579d2cbc5536e09564aa33f71d89145f3192e414ade0e65ff391342

Download Submit
/data/user/0/com.orange.target/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.orange.target/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
d5998a1ffcdac631a112e0ab58c3c213

SHA1
8e8125612e69d01bd6bb105f675c52c5a073b727

SHA256
83a4873dfa779911fd11fece4a184d8579daca64322f766d297db8ce0d2031ba

SHA512
1a60d37b6d3ca86b36f82df64d5ddd95bdfda92e019907a16d4f203ef4ddbe24dfbc1e0cdffbb324a1179c1a411f42a73379d5fc73e98252ee1f3536aefe2edf

Download Submit
/data/user/0/com.orange.target/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.orange.target/app_webview/Web Data-journal

Filesize
1KB

MD5
89cba2bd6ece6a4a336cff2885762882

SHA1
5c4db7d43917ac2cb99a1f062df15a60de0b16ac

SHA256
3dde2f33286d953d8316eaec7731c5a18ea38fa976a141362634ede45093edab

SHA512
d049d8efa10f718182ef7ed63781ba8ffd863e7898db01cc8a7a2c13427f0901589c95e217f7ba713d6a21a755e5b05f86681a9ab2f3c9294571025ad77783c2

Download Submit
/data/user/0/com.orange.target/app_webview/metrics_guid

Filesize
36B

MD5
33c10351e73441c2268ef85dc91cf667

SHA1
7cae805a7ef30eff4ef556b1300f30143c843df2

SHA256
908445ea06c20a51e94b7c5bce8ed46d69ec9e09a2ee754945f91bc1ce828a55

SHA512
91cad0f7052c10955bc95487dbe9f85e0c336a9cff83f8ecc6329e801bc9f1d8fa1c9cab1ec644c5cbc2501d25e8dd1d837a2479222f75c71f7e3683b3ef35d3

Download Submit
/data/user/0/com.orange.target/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit