alienbot | 192ba0f7e9eb71fdc5263128218e725964ea9f57c5f13f7888bf950d2b962ddb

Analysis

max time kernel
4161501s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
24-05-2022 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

192ba0f7e9eb71fdc5263128218e725964ea9f57c5f13f7888bf950d2b962ddb.apk
Size

1.8MB
MD5

d88b199cdb6a995b386a149dd383e15c
SHA1

c8b7697e23bc27928ae0798a7d0a509e7c25ff75
SHA256

192ba0f7e9eb71fdc5263128218e725964ea9f57c5f13f7888bf950d2b962ddb
SHA512

4e0c5f8806d0cdb956a5a634f0b97abde4c252c882cd1b0b28a441b53e11416ef75797515d3673bc65e8a1e678443928dcedac8499b8121c918d84cfbb21a1e1

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://gesibaglarindadolaniyorumm.top

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin

ioc	pid	Process
/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/XYWeiQ.json	6944	iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin
/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/XYWeiQ.json	6944	iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin

iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6944
- getprop ro.miui.ui.version.name
  2⤵
  PID:7051
- getprop ro.miui.ui.version.name
  2⤵
  PID:7181
- getprop ro.miui.ui.version.name
  2⤵
  PID:7229
- getprop ro.miui.ui.version.name
  2⤵
  PID:7284
- getprop ro.miui.ui.version.name
  2⤵
  PID:7323
- getprop ro.miui.ui.version.name
  2⤵
  PID:7355
- getprop ro.miui.ui.version.name
  2⤵
  PID:7394

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/XYWeiQ.json

Filesize
575KB

MD5
c2f9ef52309b02c4d28312c710208ab4

SHA1
43b968561db51da52066fc8091bd73ea128ac04b

SHA256
2d6e5aa6723c68e23415abbeba42d8b698b03f1a0cb28e3ded2954938a266e8b

SHA512
a9974edb6f648281686baa5aad5fbc7fd2882dc3fba3ed8a76c12bfb56996c9e06a16c88c42a8c63047c2607fdf0a2e8f9695ea78046a531a43d703b73a50d1f

Download Submit
/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/XYWeiQ.json

Filesize
575KB

MD5
c3f5e1a7a11599d0e3c2e580ba951351

SHA1
3ac8b934ca1ccaee634bae342156cbad8a750303

SHA256
be528ecab14faa7ec066abc331cb1ceee3e2ecaa7c64030387f5cf839823a8d6

SHA512
47da79449748d137cc761b5985e88e37a355b35a1517a542ee0b0f052bba37f61de727ed2e65fc4fd0ed6886431b828cd6083c5d52e22dad9865f822197aa7ce

Download Submit
/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/XYWeiQ.json

Filesize
575KB

MD5
c3f5e1a7a11599d0e3c2e580ba951351

SHA1
3ac8b934ca1ccaee634bae342156cbad8a750303

SHA256
be528ecab14faa7ec066abc331cb1ceee3e2ecaa7c64030387f5cf839823a8d6

SHA512
47da79449748d137cc761b5985e88e37a355b35a1517a542ee0b0f052bba37f61de727ed2e65fc4fd0ed6886431b828cd6083c5d52e22dad9865f822197aa7ce

Download Submit
/data/user/0/iqegxigixhkd.chyklhwjdulillxayrstgoxb.uin/app_DynamicOptDex/oat/XYWeiQ.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit