Overview

overview

10

Static

static

7

ad8b5eef6f...5c.apk

android_x86

10

ad8b5eef6f...5c.apk

android_x64

10

ad8b5eef6f...5c.apk

android_x64

10

Analysis

  • max time kernel
    3844030s
  • max time network
    168s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    21/05/2022, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ad8b5eef6fb6ce5220a64b12410677a7f664f536ae9c1b80decf291f78862e5c.apk

  • Size

    1.5MB

  • MD5

    09f25d87b259cd5b82eb0be8232cd69a

  • SHA1

    9b1476f909cd800542b531a4cf9c3129ead82cfa

  • SHA256

    ad8b5eef6fb6ce5220a64b12410677a7f664f536ae9c1b80decf291f78862e5c

  • SHA512

    2c487aa6303a3c63b46592e83c8b7ad53c0bf17859c2c33fc04db94e821e2f5c8687b126178f4f15901fc509e51914488b38fb1f914972d4b3520cc273bac5ab

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://installerflas453873.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • ohmh.palytyluakix.hce
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:7095
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7209
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7304
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7364
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7396
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7434
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7487
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7521

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                  Filesize

                  692KB

                  MD5

                  dce974a8af6e9dcf31d61774a771e7c7

                  SHA1

                  a87daed99178f012573c983fe5e3c2409a42fe0d

                  SHA256

                  a5c6c8985165207809230e43c795e5d684d067dd6220acfcfc86349292f26904

                  SHA512

                  a7660bdbbadbfa4eee935e34ff2faea11d754e89f8f04a94568ac044aa4d978456bff86de4ef6cd95208430ddd4e7daa5823d78036b560f2efa7e10aedaefc88

                  Download Submit

                • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                  Filesize

                  692KB

                  MD5

                  82698c9c2d5a7028c291db28dd318734

                  SHA1

                  609ac21b3c44a17640ec2ad5067db2830f1383a7

                  SHA256

                  89088d9bf79520b9f390bac2bf8772b331c82063b804e2f8dcd02d556ec705b6

                  SHA512

                  3d191f21bf5f86eb6d5db866265d2297b411c7f179311574379107cf3f4a4e016bc4cbe6c7b825fde404c7ad67dba34307525bd5f13e4c5cba26b424ce34548e

                  Download Submit

                • /data/user/0/ohmh.palytyluakix.hce/app_DynamicOptDex/ORRNm.json
                  Filesize

                  692KB

                  MD5

                  82698c9c2d5a7028c291db28dd318734

                  SHA1

                  609ac21b3c44a17640ec2ad5067db2830f1383a7

                  SHA256

                  89088d9bf79520b9f390bac2bf8772b331c82063b804e2f8dcd02d556ec705b6

                  SHA512

                  3d191f21bf5f86eb6d5db866265d2297b411c7f179311574379107cf3f4a4e016bc4cbe6c7b825fde404c7ad67dba34307525bd5f13e4c5cba26b424ce34548e

                  Download Submit