Overview

overview

10

Static

static

7

0258fc4cb7...80.apk

android_x86

10

0258fc4cb7...80.apk

android_x64

10

0258fc4cb7...80.apk

android_x64

10

Analysis

  • max time kernel
    4074823s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    23/05/2022, 21:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0258fc4cb74f7ed7f80b584df34583b309dff5d438c0e14c06dc1d3943d8ec80.apk

  • Size

    1.5MB

  • MD5

    0de236017a40cc9de91fe1072ac38cd0

  • SHA1

    06cbd0a6495fbce0acb01d7c1b1b28b95bf8bcb3

  • SHA256

    0258fc4cb74f7ed7f80b584df34583b309dff5d438c0e14c06dc1d3943d8ec80

  • SHA512

    ab77e7f31c3871c909aef2d0466a25d321f6a7098370e4348b7dd8196c940609a5fcbd5677a7d9ad8da6cae8a62e8bb47ae84419504d1a449c4eed73ce16de3c

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://odry.london

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • tfcqzk.lofst.hkgkaucmthtsmy
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6237
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6441
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6541
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6942
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7357
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7391
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7429
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7464

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/tfcqzk.lofst.hkgkaucmthtsmy/app_DynamicOptDex/ujTe.json
                  Filesize

                  691KB

                  MD5

                  051b874de4dfbea6f5c73a99a9e9c3e3

                  SHA1

                  d7585e5ebfaf8955ce6294ac1fedffa5ff0623c4

                  SHA256

                  46bbc527f8b8aee00544f90447679242ca71b883879bac0ceabfe967f469e4f7

                  SHA512

                  0ed118e5a674e66d3b6e490e222c9131dd6cdbfd73389b12687ee2560c85785af71456e8087b2afab6dc7e4b556fc668f200dd48186f1792f2486120628b4448

                  Download Submit

                • /data/user/0/tfcqzk.lofst.hkgkaucmthtsmy/app_DynamicOptDex/ujTe.json
                  Filesize

                  691KB

                  MD5

                  d9769c25bc619c107d177bfdf92a45ee

                  SHA1

                  5a55ac71a8316b6e5e26c51b9ef02cdf8eafb04a

                  SHA256

                  f67098ce6e7f0ea6cb2809f5c7215c479489a68936992cf41db690ec92d1f233

                  SHA512

                  d29b4db99a5148f5b72c96d77aeb6a7b6d353acf772f328b99fa6d8d9d7cdce6a69216673376d3dca9601102879b560bd0879e69b4116d40d199f1cf6cce2756

                  Download Submit

                • /data/user/0/tfcqzk.lofst.hkgkaucmthtsmy/app_DynamicOptDex/ujTe.json
                  Filesize

                  691KB

                  MD5

                  d9769c25bc619c107d177bfdf92a45ee

                  SHA1

                  5a55ac71a8316b6e5e26c51b9ef02cdf8eafb04a

                  SHA256

                  f67098ce6e7f0ea6cb2809f5c7215c479489a68936992cf41db690ec92d1f233

                  SHA512

                  d29b4db99a5148f5b72c96d77aeb6a7b6d353acf772f328b99fa6d8d9d7cdce6a69216673376d3dca9601102879b560bd0879e69b4116d40d199f1cf6cce2756

                  Download Submit