alienbot | 46c7b95d0f2dd95d690c3288cf2d0a02d9f6ebbeab817a4f6d185ae94942a4d7

Analysis

max time kernel
3844087s
max time network
171s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46c7b95d0f2dd95d690c3288cf2d0a02d9f6ebbeab817a4f6d185ae94942a4d7.apk
Size

1.9MB
MD5

22592d03280a25d92a894bf6777eac0e
SHA1

f7e122f0c92f26a8dba9473435a0dbc671a3a907
SHA256

46c7b95d0f2dd95d690c3288cf2d0a02d9f6ebbeab817a4f6d185ae94942a4d7
SHA512

96b57f5415df22866b5a28dce18d9488b9ad42830b0e304e80488434d870998b04a8193933f6c0f7223a7560d9af0b99c2bd09a951dba464add9e9a8585064fe

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://cavresamiinverebamiin.best

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx

ioc	pid	Process
/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/OF.json	6179	yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx
/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/OF.json	6179	yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx

yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx
1⤵
- Loads dropped Dex/Jar
PID:6179
- getprop ro.miui.ui.version.name
  2⤵
  PID:6324
- getprop ro.miui.ui.version.name
  2⤵
  PID:6434
- getprop ro.miui.ui.version.name
  2⤵
  PID:6486
- getprop ro.miui.ui.version.name
  2⤵
  PID:6543
- getprop ro.miui.ui.version.name
  2⤵
  PID:6575
- getprop ro.miui.ui.version.name
  2⤵
  PID:6633

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/OF.json

Filesize
707KB

MD5
752111a8bbda58b1dd4c4954a027041f

SHA1
3df137b0a3fea91b5895f89192dd94e376881d1b

SHA256
b8f6f1e071b4f9baf83ac820ae52c6772d2aea325100b40bea05506dc24ab5d6

SHA512
42998d8964942aa5e1add16df030c88975afbe98deb98f4acb95f1d29402355e7504f9c8f97425c92777d933b76acf17d04a77397131840fe9bf08e22d60ad39

Download Submit
/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/OF.json

Filesize
707KB

MD5
ed41914d606810821267eddeadb3ab9d

SHA1
6902acc91b936e2d10563dec0c3a5b8d4cbbea6a

SHA256
af56f7f37bd22f3a01d9dff8d50d97db7ed4082328af2d8b377f6982ca21472d

SHA512
265bd31157dd0a292761dcf700fbbb5810bf30a3076821f30b880fff7fab8d08d23a45ff58936dfc8c900706f1cc65091e9a81d30decdb22be0968b25ce66f6d

Download Submit
/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/OF.json

Filesize
707KB

MD5
ed41914d606810821267eddeadb3ab9d

SHA1
6902acc91b936e2d10563dec0c3a5b8d4cbbea6a

SHA256
af56f7f37bd22f3a01d9dff8d50d97db7ed4082328af2d8b377f6982ca21472d

SHA512
265bd31157dd0a292761dcf700fbbb5810bf30a3076821f30b880fff7fab8d08d23a45ff58936dfc8c900706f1cc65091e9a81d30decdb22be0968b25ce66f6d

Download Submit
/data/user/0/yblayk.aittgaxg.cnhfkdamdxfsitdsptddifsx/app_DynamicOptDex/oat/OF.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit