alienbot | 4d4af1605589db8a08d8e43f94c51768be4d60b65c14d2fb2733be8369a42397 | Triage

Analysis

max time kernel
3767735s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
20/05/2022, 06:59

Sharing

Report Analysis Logs

General

Target

4d4af1605589db8a08d8e43f94c51768be4d60b65c14d2fb2733be8369a42397.apk
Size

305KB
MD5

74f7f8544d3792e67ba6d8aee9a902e1
SHA1

a8441e8e060e328cdcc114d087fa1570d4dd6390
SHA256

4d4af1605589db8a08d8e43f94c51768be4d60b65c14d2fb2733be8369a42397
SHA512

63387d04b0bf51cfe30816732ce00153d5b6a7e3425d31391b9bf039095b2aaf992c181082cba67b6b3d1ee0f4e4a1192aa50628dd35a2cccd13e054101f9eb9

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://olisparadis.xyz

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.mmgcbf.ecqwtxnppv
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.mmgcbf.ecqwtxnppv

com.mmgcbf.ecqwtxnppv
1⤵
- Makes use of the framework's Accessibility service.
PID:6667
- getprop ro.miui.ui.version.name
  2⤵
  PID:6844
- getprop ro.miui.ui.version.name
  2⤵
  PID:6964
- getprop ro.miui.ui.version.name
  2⤵
  PID:7017
- getprop ro.miui.ui.version.name
  2⤵
  PID:7071
- getprop ro.miui.ui.version.name
  2⤵
  PID:7108
- getprop ro.miui.ui.version.name
  2⤵
  PID:7139
- getprop ro.miui.ui.version.name
  2⤵
  PID:7173

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads