alienbot | c6e15f9a460ff3e5c532bed71e1654993af5c07037df59d352b53df20ae7a3c4

Analysis

max time kernel
3817109s
max time network
156s
platform
android_x64
resource
android-x64-20220310-en
submitted
20-05-2022 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6e15f9a460ff3e5c532bed71e1654993af5c07037df59d352b53df20ae7a3c4.apk
Size

1.5MB
MD5

1440b048649a76a81cdd0e008f8f318a
SHA1

c99a6c0bd811ed4ab77ccdc14128df1129f80158
SHA256

c6e15f9a460ff3e5c532bed71e1654993af5c07037df59d352b53df20ae7a3c4
SHA512

6e3e5a88392462d2a39e4e75ed6ba36a206732d4160c9170e02159631f8c156d1a4e03b13aed875de1e1a58e22805d40f7f2bcbdc75a626420539d12c2fcaa37

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://fsdfjsdjfsjdfsj.cyou

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta

ioc	pid	process
/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/OLRHchC.json	6312	razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta
/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/OLRHchC.json	6312	razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta

razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta
1⤵
- Loads dropped Dex/Jar
PID:6312

getprop ro.miui.ui.version.name
2⤵
PID:6400

getprop ro.miui.ui.version.name
2⤵
PID:6491

getprop ro.miui.ui.version.name
2⤵
PID:6543

getprop ro.miui.ui.version.name
2⤵
PID:6580

getprop ro.miui.ui.version.name
2⤵
PID:6633

getprop ro.miui.ui.version.name
2⤵
PID:6673

getprop ro.miui.ui.version.name
2⤵
PID:6723

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/OLRHchC.json

Filesize
784KB

MD5
08533370de6801a48a7a365318bf61f7

SHA1
05e7f3b51bbb7243a1a146b18305b94e927391d4

SHA256
8880ee5b9bccca7df7ea9914cb23fb0ca0446d9fe6485b1c930c6db2bda17957

SHA512
258e2fb25b54093eb2a1507b254fba70d77cde288469eeb6d458c9910b7a7746e948b494c475fbb56f398d7d07d4307f6d53879393bf82f1d1bbe2c091120b68

Download Submit
/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/OLRHchC.json

Filesize
784KB

MD5
7210ac4e05fddbc6ee1e383457b566ce

SHA1
dd7af53bf192cd5b984f4a41a8a516c7f4177f40

SHA256
1432ce63dbdb44970bca509ff43484819e1f09350243ffdfb732add7c21db4da

SHA512
4e532d268f138f64c26c0aea378ec3ca8c88f87dd3bee91853d18f62ae160c2b1056dd0de4666f4bfda95c8ea400abd17ae17c2262b1d169028a6bf698304a84

Download Submit
/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/OLRHchC.json

Filesize
784KB

MD5
7210ac4e05fddbc6ee1e383457b566ce

SHA1
dd7af53bf192cd5b984f4a41a8a516c7f4177f40

SHA256
1432ce63dbdb44970bca509ff43484819e1f09350243ffdfb732add7c21db4da

SHA512
4e532d268f138f64c26c0aea378ec3ca8c88f87dd3bee91853d18f62ae160c2b1056dd0de4666f4bfda95c8ea400abd17ae17c2262b1d169028a6bf698304a84

Download Submit
/data/user/0/razdzkgezkzpmihztscfdeqs.pmqslebdtgelqphkxzo.jmzdreheckrbkhbotcogta/app_DynamicOptDex/oat/OLRHchC.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit