Overview

overview

10

Static

static

7

25f8c85774...b9.apk

android_x86

10

25f8c85774...b9.apk

android_x64

10

25f8c85774...b9.apk

android_x64

10

Analysis

  • max time kernel
    3843693s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-20220310-en
  • submitted
    21-05-2022 03:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9.apk

  • Size

    1.4MB

  • MD5

    7557a88cf8e930d33675a1cf2a3ca0f0

  • SHA1

    dff8dd372f1d3137bb41820f89b67acecb7204c1

  • SHA256

    25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9

  • SHA512

    3d8214805293c47ed91b40653619396d1a82a9310a27c7979723a0f3b5d7d67c198802f534ba98ac882d5090c9913b7e930335edf13a7a4a658c8cdb9d4feed8

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://alskdalksdlaksdjlaigpopoinojasg.info/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph
    1⤵
    • Loads dropped Dex/Jar
    PID:6344
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6420
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6525
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6576
          • getprop ro.miui.ui.version.name
            2⤵
              PID:6613

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/oat/qUbuD.json.cur.prof
            MD5

            d41d8cd98f00b204e9800998ecf8427e

            SHA1

            da39a3ee5e6b4b0d3255bfef95601890afd80709

            SHA256

            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

            SHA512

            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

            Download Submit
          • /data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
            Filesize

            730KB

            MD5

            f57737c363419720b82c569be6a9cb04

            SHA1

            38816a25583a52ca3f5eb305acdd91be887376e3

            SHA256

            9f24e342bf3cc2b35e7fef63d682515a01193789acffe79ac74a62fb6e41d298

            SHA512

            73370947343d3331d14c0e5c2b061db982a66c5ff556e2a5d2f3ca02e63b5f913191c7983f83b0fa43c0669ff1ae6fb59ae17db6a0af59a41efdc8a97f59bf23

            Download Submit
          • /data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
            Filesize

            730KB

            MD5

            bea1a26accb85be002f29ca8bed94444

            SHA1

            a27216ece47a8cc87c99855e40b3dbb0bfd659b5

            SHA256

            4f8b45eb438098549b76367305f5701ef53d467647d3479431771f1f767fb61b

            SHA512

            567770506afeba0ed5301e86983e94c627f752c1300ef60459ec11e8d652ebb51a8a008ee4e12a872f6adafd5b29cba1abf28780a76b28bbeefc3a668f8e1fcb

            Download Submit
          • /data/user/0/ntmserpfdosfwguutcejnye.zohzrycfeqcfuuuxjdtztl.uhph/app_DynamicOptDex/qUbuD.json
            Filesize

            730KB

            MD5

            bea1a26accb85be002f29ca8bed94444

            SHA1

            a27216ece47a8cc87c99855e40b3dbb0bfd659b5

            SHA256

            4f8b45eb438098549b76367305f5701ef53d467647d3479431771f1f767fb61b

            SHA512

            567770506afeba0ed5301e86983e94c627f752c1300ef60459ec11e8d652ebb51a8a008ee4e12a872f6adafd5b29cba1abf28780a76b28bbeefc3a668f8e1fcb

            Download Submit