Overview

overview

10

Static

static

7

ad8b5eef6f...5c.apk

android_x86

10

ad8b5eef6f...5c.apk

android_x64

10

ad8b5eef6f...5c.apk

android_x64

10

Analysis

  • max time kernel
    3844017s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-20220310-en
  • submitted
    21/05/2022, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad8b5eef6fb6ce5220a64b12410677a7f664f536ae9c1b80decf291f78862e5c.apk

  • Size

    1.5MB

  • MD5

    09f25d87b259cd5b82eb0be8232cd69a

  • SHA1

    9b1476f909cd800542b531a4cf9c3129ead82cfa

  • SHA256

    ad8b5eef6fb6ce5220a64b12410677a7f664f536ae9c1b80decf291f78862e5c

  • SHA512

    2c487aa6303a3c63b46592e83c8b7ad53c0bf17859c2c33fc04db94e821e2f5c8687b126178f4f15901fc509e51914488b38fb1f914972d4b3520cc273bac5ab

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://installerflas453873.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • ohmh.palytyluakix.hce
    1⤵
    • Loads dropped Dex/Jar
    PID:6038
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6227
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6678
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7216
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7252
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7345
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7380

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                Filesize

                692KB

                MD5

                dce974a8af6e9dcf31d61774a771e7c7

                SHA1

                a87daed99178f012573c983fe5e3c2409a42fe0d

                SHA256

                a5c6c8985165207809230e43c795e5d684d067dd6220acfcfc86349292f26904

                SHA512

                a7660bdbbadbfa4eee935e34ff2faea11d754e89f8f04a94568ac044aa4d978456bff86de4ef6cd95208430ddd4e7daa5823d78036b560f2efa7e10aedaefc88

                Download Submit

              • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                Filesize

                692KB

                MD5

                82698c9c2d5a7028c291db28dd318734

                SHA1

                609ac21b3c44a17640ec2ad5067db2830f1383a7

                SHA256

                89088d9bf79520b9f390bac2bf8772b331c82063b804e2f8dcd02d556ec705b6

                SHA512

                3d191f21bf5f86eb6d5db866265d2297b411c7f179311574379107cf3f4a4e016bc4cbe6c7b825fde404c7ad67dba34307525bd5f13e4c5cba26b424ce34548e

                Download Submit

              • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                Filesize

                692KB

                MD5

                82698c9c2d5a7028c291db28dd318734

                SHA1

                609ac21b3c44a17640ec2ad5067db2830f1383a7

                SHA256

                89088d9bf79520b9f390bac2bf8772b331c82063b804e2f8dcd02d556ec705b6

                SHA512

                3d191f21bf5f86eb6d5db866265d2297b411c7f179311574379107cf3f4a4e016bc4cbe6c7b825fde404c7ad67dba34307525bd5f13e4c5cba26b424ce34548e

                Download Submit