alienbot | 2e5146a6bff5821cff33c6865ee47612ebc717896db5b36c16e95da8af74fa32

Analysis

max time kernel
4166560s
max time network
166s
platform
android_x64
resource
android-x64-20220310-en
submitted
24-05-2022 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e5146a6bff5821cff33c6865ee47612ebc717896db5b36c16e95da8af74fa32.apk
Size

1.6MB
MD5

6565c0a99bd8d3ea41c0c1284c4b8ec2
SHA1

a4bbfabb518cdacd5d4247875dd47ec0c1c7b666
SHA256

2e5146a6bff5821cff33c6865ee47612ebc717896db5b36c16e95da8af74fa32
SHA512

fce08ed9513faeb8e651fd13e1163361bd6d58b396a7fa79636baf48608c2406151cb326a8df282bfc0a66974bf14c2759522d6e461147334feb12329a25bb44

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://perlof.site

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem

ioc	pid	Process
/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/ilff.json	6188	fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem
/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/ilff.json	6188	fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem

fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem
1⤵
- Loads dropped Dex/Jar
PID:6188
- getprop ro.miui.ui.version.name
  2⤵
  PID:6306
- getprop ro.miui.ui.version.name
  2⤵
  PID:6441
- getprop ro.miui.ui.version.name
  2⤵
  PID:6485
- getprop ro.miui.ui.version.name
  2⤵
  PID:6535
- getprop ro.miui.ui.version.name
  2⤵
  PID:6571
- getprop ro.miui.ui.version.name
  2⤵
  PID:6627
- getprop ro.miui.ui.version.name
  2⤵
  PID:6661

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/ilff.json

Filesize
706KB

MD5
b8054a19e4e52a030e23dbb85ee6d00e

SHA1
969112bec8e96a08f04d8948ccd7009f4720d4b7

SHA256
1f4504ff7c481ea2cfd7ad062ac84ba0e6c6442e8f54c8ca4561463c35470a5b

SHA512
d088d9fb9ead04e8178321582d61baccd196e65ba61a60e9029ecac81c9ff0eceb1cb2ebb4012f14af571784fa1c67eb846893f864192d839d62225dea7fdf16

Download Submit
/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/ilff.json

Filesize
706KB

MD5
9ef279c007af05cc3d582e52450146df

SHA1
da6d16ebe3b9d7ae6a8e65b4edc9316df25ec1b6

SHA256
7b238a4455bb5c9e91330179853fde2acc9c93bec4b469a01ded9674f0b2b8f3

SHA512
f8a2d70c1d9c40b44e01dd31e3aac0d9555a252459803a1dab60a4f1d6dfbdfbcd1744a1e69d8619759423b713c01138266421497b647ca4644713f8b01445ef

Download Submit
/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/ilff.json

Filesize
706KB

MD5
9ef279c007af05cc3d582e52450146df

SHA1
da6d16ebe3b9d7ae6a8e65b4edc9316df25ec1b6

SHA256
7b238a4455bb5c9e91330179853fde2acc9c93bec4b469a01ded9674f0b2b8f3

SHA512
f8a2d70c1d9c40b44e01dd31e3aac0d9555a252459803a1dab60a4f1d6dfbdfbcd1744a1e69d8619759423b713c01138266421497b647ca4644713f8b01445ef

Download Submit
/data/user/0/fwoqzznmhseowkrpymo.aucscbmamzwwommejzdpum.xzuybem/app_DynamicOptDex/oat/ilff.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit