alienbot | 4a7adde4bea53ce1adf56e119f8a28d3c135ab265f20d5b53fe54c728999da24

Analysis

max time kernel
3763123s
max time network
155s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
20-05-2022 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a7adde4bea53ce1adf56e119f8a28d3c135ab265f20d5b53fe54c728999da24.apk
Size

1.7MB
MD5

ec8896a5a8041cedf5479bab6a8601bf
SHA1

e97e32d1cbc26c13f708c13f0d61a0b6b50384c2
SHA256

4a7adde4bea53ce1adf56e119f8a28d3c135ab265f20d5b53fe54c728999da24
SHA512

9fe6a8f2caf14a646b97cd23e19b84fefbd2cc2b15b3c665adffcf733927c424b718b5bbcd255ce070e476f6d3b9e0dede7749211e2d20e85c5dfb9986e13537

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://fillimillidilli.top

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

eucgw.eiqcaxglyqyltpng.pioglmzyha

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	eucgw.eiqcaxglyqyltpng.pioglmzyha
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	eucgw.eiqcaxglyqyltpng.pioglmzyha

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

eucgw.eiqcaxglyqyltpng.pioglmzyha

ioc	pid	Process
/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/uhic.json	6278	eucgw.eiqcaxglyqyltpng.pioglmzyha
/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/uhic.json	6278	eucgw.eiqcaxglyqyltpng.pioglmzyha

eucgw.eiqcaxglyqyltpng.pioglmzyha
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6278
- getprop ro.miui.ui.version.name
  2⤵
  PID:6448
- getprop ro.miui.ui.version.name
  2⤵
  PID:6547

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/oat/uhic.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/uhic.json

Filesize
681KB

MD5
cbbf1ecde18bf41a6e42b85ee46d1c6d

SHA1
44f4cd42a909f3191668c827e6b035b6d759b061

SHA256
f73d775bc5546fc4ca0f07edbceec423fb9a49735a21404c95b57763fdd71048

SHA512
e85d096a93936197ea6d341af063a1ef508877f9085f94fa471f9e1d5aebc538fad1c2b31429e5b7c989cba68f9148e1f317e31e0eedec1f85edcfc2ea3627e0

Download Submit
/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/uhic.json

Filesize
681KB

MD5
20579b2bd0846b9a6b42cfd2b9a390df

SHA1
4a84a4e17979b246ed8d9127cead13fa6010e8ab

SHA256
56a8282a0b2198a20f7421ef3566ee5cd063e6509e7e07829deaa5db5b72687e

SHA512
880c84a2ca972d94e52331967cd048a39d0562acff3e2bf71ef186e5e2ed028819b89756df54da3eac14d78367c3a3c10ac427b5d6b701a34a88006c61b822f6

Download Submit
/data/user/0/eucgw.eiqcaxglyqyltpng.pioglmzyha/app_DynamicOptDex/uhic.json

Filesize
681KB

MD5
20579b2bd0846b9a6b42cfd2b9a390df

SHA1
4a84a4e17979b246ed8d9127cead13fa6010e8ab

SHA256
56a8282a0b2198a20f7421ef3566ee5cd063e6509e7e07829deaa5db5b72687e

SHA512
880c84a2ca972d94e52331967cd048a39d0562acff3e2bf71ef186e5e2ed028819b89756df54da3eac14d78367c3a3c10ac427b5d6b701a34a88006c61b822f6

Download Submit