alienbot | bc882bec0ec2e4c41c50b89153e36d31ee3d47028c7703bfc1488e05732d7ef9

General

Target

bc882bec0ec2e4c41c50b89153e36d31ee3d47028c7703bfc1488e05732d7ef9.apk
Size

1.7MB
MD5

21b543378713458253e1b616d80a6b08
SHA1

84488d46e4b996f5f3aade805a8c7742436f919b
SHA256

bc882bec0ec2e4c41c50b89153e36d31ee3d47028c7703bfc1488e05732d7ef9
SHA512

45e92649c48a9e4bcd39b719d508453f6ade966c8bbf3163cc8f28de9f3f84bcb0a881d673f2d17f37fc2c700b8e25ac0974ae15014b68e207c0f2e35a807355

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://bulan337.site

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra

ioc	pid	process
/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/qq.json	6234	dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra
/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/qq.json	6234	dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra

dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6234

getprop ro.miui.ui.version.name
2⤵
PID:6447

getprop ro.miui.ui.version.name
2⤵
PID:6541

getprop ro.miui.ui.version.name
2⤵
PID:7249

getprop ro.miui.ui.version.name
2⤵
PID:7386

getprop ro.miui.ui.version.name
2⤵
PID:7426

getprop ro.miui.ui.version.name
2⤵
PID:7463

getprop ro.miui.ui.version.name
2⤵
PID:7494

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/oat/qq.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/qq.json
Filesize
716KB

MD5
a49c8df09249454111a074209ecfd342

SHA1
fbdf86ed4aadd3d4083d45874af2ab5a64b86b8b

SHA256
e52863ca603e4b2c85afddfb5f5cf2da7bab538d31989906831104aca260a3c3

SHA512
f974c946f1a7e21472a2e6c46a43c0e5690b6fdd780ccbb55bab7bcf01a44f12dd990f87c5cdf72e3efda88f4930a470d85b07a51841c990170f176907b57459

Download Submit
/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/qq.json
Filesize
716KB

MD5
fb9dddcbda9cf4ff94fa11f9fe9fd163

SHA1
f001fcc99a1a73438989ce85bcdc7093599ffc6e

SHA256
90160640efee63dbe96c5646c57a21e51c187190654de164b393c77f38823f69

SHA512
5a555272e874117d3ad17704e786ab6261b84356794e80c960b0797399a391461f738e845bfa6b77d74ec59ccfedbaa09afc04a1d1c40c7eb8f6e61b6587ccb4

Download Submit
/data/user/0/dxjnualhm.epuklebfcflqrstzoxypkydhnbi.dfntpwojywsorhpra/app_DynamicOptDex/qq.json
Filesize
716KB

MD5
fb9dddcbda9cf4ff94fa11f9fe9fd163

SHA1
f001fcc99a1a73438989ce85bcdc7093599ffc6e

SHA256
90160640efee63dbe96c5646c57a21e51c187190654de164b393c77f38823f69

SHA512
5a555272e874117d3ad17704e786ab6261b84356794e80c960b0797399a391461f738e845bfa6b77d74ec59ccfedbaa09afc04a1d1c40c7eb8f6e61b6587ccb4

Download Submit

Analysis

Sharing