alienbot | e580133d5a564148a66bc8cb6e3cf4f673d089711f6e5607e417d0eb22123994

Analysis

max time kernel
4165576s
max time network
166s
platform
android_x64
resource
android-x64-20220310-en
submitted
24-05-2022 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e580133d5a564148a66bc8cb6e3cf4f673d089711f6e5607e417d0eb22123994.apk
Size

2.0MB
MD5

2889580b4a3cb93a28cf8eca33193a2b
SHA1

5c981633b21ded1661a70b373a75470fba3f26cf
SHA256

e580133d5a564148a66bc8cb6e3cf4f673d089711f6e5607e417d0eb22123994
SHA512

130c048463d43c2564924ec86ef6861b5f3619f640c8c0d1e1ef185f7c4dab20b6360d3755b317f5a3b9ce54ab8a3c0922bb19fd1ea604bfccfe0bf72f2bd4ec

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://burdamedemisin.top

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

xzmmijwuw.cfq.utmg

ioc	pid	Process
/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/qKoeAPk.json	6302	xzmmijwuw.cfq.utmg
/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/qKoeAPk.json	6302	xzmmijwuw.cfq.utmg

xzmmijwuw.cfq.utmg
1⤵
- Loads dropped Dex/Jar
PID:6302
- getprop ro.miui.ui.version.name
  2⤵
  PID:6388
- getprop ro.miui.ui.version.name
  2⤵
  PID:6525
- getprop ro.miui.ui.version.name
  2⤵
  PID:6594
- getprop ro.miui.ui.version.name
  2⤵
  PID:6627
- getprop ro.miui.ui.version.name
  2⤵
  PID:6677
- getprop ro.miui.ui.version.name
  2⤵
  PID:6715
- getprop ro.miui.ui.version.name
  2⤵
  PID:6765

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/oat/qKoeAPk.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/qKoeAPk.json

Filesize
685KB

MD5
39b52698d6113c341e0cf02e98c2462e

SHA1
63952b31608f4b17a7920295703d3ff8cdeddb9f

SHA256
ce7a0065961c999fd40033208981e3524c10a540e832f6184a78a82b134c619d

SHA512
497ea0c74ac0cce320036fe512f474a1c4953ae61cbef8819d0038507512d5d9cfbfb24cdd74d7bfd1655c8ccd22d0c5a95bb24f247ec49c64d3d8d1fef5f6cf

Download Submit
/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/qKoeAPk.json

Filesize
685KB

MD5
287b3e0cba9cfae7103f759eecd9cb4e

SHA1
eba90566ba9a1f0fe179de5b4d9cc59996c11087

SHA256
75620745c29f0399903e2bcf542199829256e72d4e13881fa2f449784f52c71b

SHA512
9bcbd7ba424b3626d4dd1ca69e605c628608f91ebec03026634335898cee8fd3cb23bc37ddbe5b5c281a377c64e32e96a40984f96f6938417350c7aac74ca949

Download Submit
/data/user/0/xzmmijwuw.cfq.utmg/app_DynamicOptDex/qKoeAPk.json

Filesize
685KB

MD5
287b3e0cba9cfae7103f759eecd9cb4e

SHA1
eba90566ba9a1f0fe179de5b4d9cc59996c11087

SHA256
75620745c29f0399903e2bcf542199829256e72d4e13881fa2f449784f52c71b

SHA512
9bcbd7ba424b3626d4dd1ca69e605c628608f91ebec03026634335898cee8fd3cb23bc37ddbe5b5c281a377c64e32e96a40984f96f6938417350c7aac74ca949

Download Submit