Overview

overview

10

Static

static

7

16b3b4b41c...84.apk

android_x86

10

16b3b4b41c...84.apk

android_x64

10

16b3b4b41c...84.apk

android_x64

10

Analysis

  • max time kernel
    3821451s
  • max time network
    104s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    20-05-2022 23:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16b3b4b41cdb2f415c09a7c7a486f8a3542abaa6cd17a41c80ed1b1bc7a81884.apk

  • Size

    2.0MB

  • MD5

    87321bfd3a2b14b47ca08886b1eb20ac

  • SHA1

    e32375397d42ff740afc39530c4254f461e27c29

  • SHA256

    16b3b4b41cdb2f415c09a7c7a486f8a3542abaa6cd17a41c80ed1b1bc7a81884

  • SHA512

    2f4816bac87108293d476ea9162ae51717764cf4a2e1c3e0b699b36ed236712518b27ef726105f0bc30e18ec52acf259601936825a4499c8c0462fdb85c200f7

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://coulcoul.top/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • tqhngfl.lyafndlhdlhcljijnmatq.fbncxwydzrpiggwiiwmarg
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6713
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6851
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6963
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7012
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7062
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7100
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7133
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7168

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/tqhngfl.lyafndlhdlhcljijnmatq.fbncxwydzrpiggwiiwmarg/app_DynamicOptDex/Qck.json
                  Filesize

                  644KB

                  MD5

                  a06c48fa1a586095cb9b620e0744076a

                  SHA1

                  b6d8b5fffc66e2f71309566c7d5d50049a061dcf

                  SHA256

                  f4ea9d5991935841e172af4549431c24834bb4b65cc1944f50ef5978ea35754b

                  SHA512

                  b2df1c74c72e29179601938f0d5f7f637a315bbf55ac262e5b49b615c5d484476d129c1210a113b914685599ec2e6e4ed10381ce86d6b42637ec3aec718d754b

                  Download Submit
                • /data/user/0/tqhngfl.lyafndlhdlhcljijnmatq.fbncxwydzrpiggwiiwmarg/app_DynamicOptDex/Qck.json
                  Filesize

                  644KB

                  MD5

                  2b2ab99c20d16510c1a007a6c4c8b74b

                  SHA1

                  a4e4a1bcd315fd157d1ccadd8ff34b5a1325e562

                  SHA256

                  0e4cd86a4e5351d1532051cd3dc479e1b618e1fc430e023bc91f873e7f0e3ace

                  SHA512

                  3b9cc61d67f005b5894f6d88f2ea3fb94c7f19b99a97195ef57a7ec80ec53d41f70aaba263eab86f7b8c05137e40b2ec96b3d5d82f0052e80703833253b36cbb

                  Download Submit
                • /data/user/0/tqhngfl.lyafndlhdlhcljijnmatq.fbncxwydzrpiggwiiwmarg/app_DynamicOptDex/Qck.json
                  Filesize

                  644KB

                  MD5

                  2b2ab99c20d16510c1a007a6c4c8b74b

                  SHA1

                  a4e4a1bcd315fd157d1ccadd8ff34b5a1325e562

                  SHA256

                  0e4cd86a4e5351d1532051cd3dc479e1b618e1fc430e023bc91f873e7f0e3ace

                  SHA512

                  3b9cc61d67f005b5894f6d88f2ea3fb94c7f19b99a97195ef57a7ec80ec53d41f70aaba263eab86f7b8c05137e40b2ec96b3d5d82f0052e80703833253b36cbb

                  Download Submit
                • /data/user/0/tqhngfl.lyafndlhdlhcljijnmatq.fbncxwydzrpiggwiiwmarg/app_DynamicOptDex/oat/Qck.json.cur.prof
                  MD5

                  d41d8cd98f00b204e9800998ecf8427e

                  SHA1

                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                  SHA256

                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                  SHA512

                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                  Download Submit