Overview

overview

10

Static

static

7

8e363a4e88...92.apk

android_x86

10

8e363a4e88...92.apk

android_x64

10

8e363a4e88...92.apk

android_x64

10

Analysis

  • max time kernel
    3844044s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    21/05/2022, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8e363a4e88cc7abc6ef6385970f35f6f4c0b56b9a081023c72a51cf248729c92.apk

  • Size

    1.5MB

  • MD5

    2c50fa7640659abfb258d8e9ec574412

  • SHA1

    6ffc1d4a019f0b1743c714aed7bc45db6e098344

  • SHA256

    8e363a4e88cc7abc6ef6385970f35f6f4c0b56b9a081023c72a51cf248729c92

  • SHA512

    d81250236c7afa70f9bb0b9def99cbf5bbb7a504dd2a5687d5ca7135e0556ba4b0da7b0f29100539204f3fd1cb77391336cf28b94678a29e682fab5c3c9c98db

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://kaatellech.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • facgwzqn.kmyzxbystdexjgrjdslgah.ucygtpgemzubxijylbb
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6663
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6772
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6951
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7007
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7052
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7100
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7134
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7183

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/facgwzqn.kmyzxbystdexjgrjdslgah.ucygtpgemzubxijylbb/app_DynamicOptDex/rpS.json
                  Filesize

                  644KB

                  MD5

                  5b0f7ae6f8d5f69c33e436efb50bf969

                  SHA1

                  550f4a3393fb88a7288d5831a12f40a75f5477f6

                  SHA256

                  8215f387964277dbfebd48b65f63172cf91746e12eb6a0378fc1f3594fa331a1

                  SHA512

                  4c8b8fc84f97f678d21d6874983b68326f4c631b14c756b27e3e23641504716570b0ce9a47558b3a26c2cb4469a55ad73f6a38abeead77ca891c5e2675a553f4

                  Download Submit

                • /data/user/0/facgwzqn.kmyzxbystdexjgrjdslgah.ucygtpgemzubxijylbb/app_DynamicOptDex/rpS.json
                  Filesize

                  644KB

                  MD5

                  69725176724db29b6e0d08ea10278e39

                  SHA1

                  8638875373dbc8d11f67f8f46a9d9ce3eb3a24a9

                  SHA256

                  2b304708b67518af365fe243b6fe1323be796c0193960a3b05f568da2b0ed488

                  SHA512

                  da9c53f0258bcf34bffb352910af637c286a07bd3d98ebea84c29647f10f7e48d5b881745a2209d1c9e40fd53e533324f76ed82fea03672eba8c89436f8a0377

                  Download Submit

                • /data/user/0/facgwzqn.kmyzxbystdexjgrjdslgah.ucygtpgemzubxijylbb/app_DynamicOptDex/rpS.json
                  Filesize

                  644KB

                  MD5

                  69725176724db29b6e0d08ea10278e39

                  SHA1

                  8638875373dbc8d11f67f8f46a9d9ce3eb3a24a9

                  SHA256

                  2b304708b67518af365fe243b6fe1323be796c0193960a3b05f568da2b0ed488

                  SHA512

                  da9c53f0258bcf34bffb352910af637c286a07bd3d98ebea84c29647f10f7e48d5b881745a2209d1c9e40fd53e533324f76ed82fea03672eba8c89436f8a0377

                  Download Submit