Overview

overview

10

Static

static

7

af1d1415d8...e0.apk

android_x86

10

af1d1415d8...e0.apk

android_x64

10

af1d1415d8...e0.apk

android_x64

Analysis

  • max time kernel
    3843803s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    21/05/2022, 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af1d1415d8dc8373d42d90a6218fd5d5bcd947239c9ac073cea8209ef534d5e0.apk

  • Size

    1.7MB

  • MD5

    5be463c7c7a6ab1ec5e88daadd155a95

  • SHA1

    5290898760157f49137d1e143d350a75ffe39dd6

  • SHA256

    af1d1415d8dc8373d42d90a6218fd5d5bcd947239c9ac073cea8209ef534d5e0

  • SHA512

    74461118c37412e7d7241c8cb43af3dd211d86099a27af42f938a79fcdf8b83ce8b292df6c6212cfb369100832e2bed5a92c65494014a1d542d1b350b965f8e5

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://benicildirtmeyinkoyarimsi.site

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • xomgy.qujbaq.ksbgjq
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5309
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/axqsU.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/oat/x86/axqsU.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:5347

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/axqsU.json
    Filesize

    688KB

    MD5

    6ab4c3b450f12afbbdf7880ecb09a453

    SHA1

    faf1248241f571d795b239f39a8f815bd0c5f7a0

    SHA256

    a1a778db6c6cbf94e33964961ae380ab51fcecdb963d73bbc9a0476db393aefc

    SHA512

    778d030c8b790a57d0e537eb52426b39bac38dd0b5b9ecf70a7886aa919ef81a26baae0da6a05aeb142045bbba8d26de975eacfcf50bb9ed53efd5cc6c34a6f3

    Download Submit

  • /data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/axqsU.json
    Filesize

    688KB

    MD5

    0b1c0aba0c7cab65b38e8c5ff7cd27df

    SHA1

    ff5620ed35453d79899d5766f13899dace343c13

    SHA256

    3b1248558b455ba5188a4cd504d2d99eaace124e6b27cd690a925ae452572b61

    SHA512

    4ff8c6cf9d6ab18569ba1e5cc6e749042f622ec14e3c33732959024b8932598741425dc91efb95aa845b5d04c85a9646341b9f414f75d655ebc786433e107e56

    Download Submit

  • /data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/axqsU.json
    Filesize

    688KB

    MD5

    182091bce53bfa9ae0563b9d4aba47c4

    SHA1

    4b8314c26d755089b7502ef4399f6af6082d4876

    SHA256

    36b00518460587f018cdc10c09fc360fd725a5b9fb713b7291c7db0482bb2224

    SHA512

    770ddd01afca4cb29020f747c128cbb59b80dbba5873dd73c304acaee3acf1d8416507eca176c80fbd78f819660eee83d60d29ea329bdf6baccee7f88a06a6f3

    Download Submit

  • /data/user/0/xomgy.qujbaq.ksbgjq/app_DynamicOptDex/axqsU.json
    Filesize

    688KB

    MD5

    0b1c0aba0c7cab65b38e8c5ff7cd27df

    SHA1

    ff5620ed35453d79899d5766f13899dace343c13

    SHA256

    3b1248558b455ba5188a4cd504d2d99eaace124e6b27cd690a925ae452572b61

    SHA512

    4ff8c6cf9d6ab18569ba1e5cc6e749042f622ec14e3c33732959024b8932598741425dc91efb95aa845b5d04c85a9646341b9f414f75d655ebc786433e107e56

    Download Submit