alienbot | 477e5d17a0065cc5fb5fd03d4cc867c6c552bb5f221f7aa2178414b9e5a86631

Analysis

max time kernel
3869190s
max time network
164s
platform
android_x64
resource
android-x64-20220310-en
submitted
21-05-2022 12:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

477e5d17a0065cc5fb5fd03d4cc867c6c552bb5f221f7aa2178414b9e5a86631.apk
Size

2.0MB
MD5

4d740e1be49691ba85ea6bc864758b19
SHA1

fa4a22a59574f1e5d13a0b04283309625af0f9a0
SHA256

477e5d17a0065cc5fb5fd03d4cc867c6c552bb5f221f7aa2178414b9e5a86631
SHA512

5ec2103d83f8e9ce1f28897ab58a1b26e429060ac836e6f5827e68fd39b73bed9b075dc6ce709aeddeba1b1aae4ec5117b4fb676a6f380ed3d799d2f262ec5ac

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://postkod.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

ylj.oerdpcf.nmrezdkuxnopyljfasnk

ioc	pid	process
/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/XDrQfaQ.json	6184	ylj.oerdpcf.nmrezdkuxnopyljfasnk
/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/XDrQfaQ.json	6184	ylj.oerdpcf.nmrezdkuxnopyljfasnk

ylj.oerdpcf.nmrezdkuxnopyljfasnk
1⤵
- Loads dropped Dex/Jar
PID:6184

getprop ro.miui.ui.version.name
2⤵
PID:6390

getprop ro.miui.ui.version.name
2⤵
PID:7115

getprop ro.miui.ui.version.name
2⤵
PID:7169

getprop ro.miui.ui.version.name
2⤵
PID:7356

getprop ro.miui.ui.version.name
2⤵
PID:7397

getprop ro.miui.ui.version.name
2⤵
PID:7444

getprop ro.miui.ui.version.name
2⤵
PID:7480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/XDrQfaQ.json
Filesize
676KB

MD5
43f3fae1d21cd84b051f6a439a6fcab7

SHA1
db18cca6fa98c63399616482efac12bbd1747136

SHA256
99a174b72271807140247b555e7fe36f167bbc67daeeabb4b6d65c7a62efb725

SHA512
0de64a181191f77fe6f4deacfc2f403884bee94a6e3c4a4f9de008bb5544b87e580ec5236377b080e4c9c800bd5fa602cbf92069c13ee6775234c1e1267e1069

Download Submit
/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/XDrQfaQ.json
Filesize
676KB

MD5
f18911197816660007608b08b52461bb

SHA1
21821c2f1a2a84ecfe063c682b0372eb657430bf

SHA256
7bd6c223daad37bf3bc8b9dde54c33ce79d3d94e11cfd40528543650112cf3aa

SHA512
c2f635b915eac0bdc289274a0066d701fd49c371e8c87248fd1973baacccd8d32041fe55ec28fb44535409ffd9fc08603403e054fdfce3dc741c9ed9f37e4690

Download Submit
/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/XDrQfaQ.json
Filesize
676KB

MD5
f18911197816660007608b08b52461bb

SHA1
21821c2f1a2a84ecfe063c682b0372eb657430bf

SHA256
7bd6c223daad37bf3bc8b9dde54c33ce79d3d94e11cfd40528543650112cf3aa

SHA512
c2f635b915eac0bdc289274a0066d701fd49c371e8c87248fd1973baacccd8d32041fe55ec28fb44535409ffd9fc08603403e054fdfce3dc741c9ed9f37e4690

Download Submit
/data/user/0/ylj.oerdpcf.nmrezdkuxnopyljfasnk/app_DynamicOptDex/oat/XDrQfaQ.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit