alienbot | f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956

General

Target

f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956.apk
Size

1.8MB
MD5

1af531ab2146d62a2d7ade0b9598e04b
SHA1

0123fb13995de05085fabf7306f69e573d02cd3c
SHA256

f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956
SHA512

7b928f122e2ddc84f0fa2a2bde06ad21dd5689320544d7d5a8193698affa95d1f0054d557226dd91e31b3dd23b063453c8027ad25b87ed82bd1cf457c730cbd3

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://installerflas678352.xyz

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef

ioc	pid	process
/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/RENYQEO.json	5569	eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef
/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/RENYQEO.json	5569	eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef

eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5569

getprop ro.miui.ui.version.name
2⤵
PID:6240

getprop ro.miui.ui.version.name
2⤵
PID:6598

getprop ro.miui.ui.version.name
2⤵
PID:6648

getprop ro.miui.ui.version.name
2⤵
PID:6703

getprop ro.miui.ui.version.name
2⤵
PID:7145

getprop ro.miui.ui.version.name
2⤵
PID:7187

getprop ro.miui.ui.version.name
2⤵
PID:7226

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/RENYQEO.json
Filesize
731KB

MD5
2b6dc028a35e3f1df5e0a758c393c342

SHA1
e698494e8f4a1a58b7d761687c1f5a6a847dfcc6

SHA256
8f9bd021c54565581f56134a86543b841305438b4ab612e27a252c42961577bc

SHA512
c2481175b72f476dba63b3e08432b6dfe322804cfe99ecfe7ea4e4cde39244a2861ec7fc2588906ea1b7ed49132f296d32cbeffd3fce77d80f047193a42a7c73

Download Submit
/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/RENYQEO.json
Filesize
731KB

MD5
044cf8823dfdd7c530563a9e902baa99

SHA1
4e95cadd9965024a0b80c4e8e96563e914512eed

SHA256
23f01c2fbb5cee82d9af62ddd35f12129575b79a17b129c4f6d19218c20840f6

SHA512
a5239c092c0ad1191a17bcceac2ef322635ba441e28643b7e00192254d3eee6c9b0bb5f5c5a3b3d09b60a467bb996d63ff69e63fb7509511409e82cd3813bf98

Download Submit
/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/RENYQEO.json
Filesize
731KB

MD5
044cf8823dfdd7c530563a9e902baa99

SHA1
4e95cadd9965024a0b80c4e8e96563e914512eed

SHA256
23f01c2fbb5cee82d9af62ddd35f12129575b79a17b129c4f6d19218c20840f6

SHA512
a5239c092c0ad1191a17bcceac2ef322635ba441e28643b7e00192254d3eee6c9b0bb5f5c5a3b3d09b60a467bb996d63ff69e63fb7509511409e82cd3813bf98

Download Submit
/data/user/0/eqlkqihxfaza.eycquwzufnziqqjckzxpksnmluo.begreeacocwxef/app_DynamicOptDex/oat/RENYQEO.json.cur.prof
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing