Overview

overview

10

Static

static

7

f3c92170b3...d2.apk

android_x86

10

f3c92170b3...d2.apk

android_x64

10

f3c92170b3...d2.apk

android_x64

10

Analysis

  • max time kernel
    4167286s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    24-05-2022 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3c92170b3655425ff96e9bead2fcd1ced5d71616ade339c7a32e2ed8574eed2.apk

  • Size

    2.1MB

  • MD5

    0c118df69acbfbda3de3372567371052

  • SHA1

    0d96435b20d4e4cabd0dfde79ceb812cb1417cfa

  • SHA256

    f3c92170b3655425ff96e9bead2fcd1ced5d71616ade339c7a32e2ed8574eed2

  • SHA512

    2d41f215703c9f5e709babe6a45945c385233be8adc03d0c68fb971dbf2b253f30e08195f2ef33a7c4d41b6d69a7d867343fe73ea69c17d3d41f675001794c7d

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://seachkanamali.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • mgqys.leybnsdfpngzljpsbshnxkf.xzbyugsdu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:5833
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5967
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6107
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6150
          • getprop ro.miui.ui.version.name
            2⤵
              PID:6223
            • getprop ro.miui.ui.version.name
              2⤵
                PID:6260
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:6293
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:6328

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/mgqys.leybnsdfpngzljpsbshnxkf.xzbyugsdu/app_DynamicOptDex/oat/rQc.json.cur.prof
                  MD5

                  d41d8cd98f00b204e9800998ecf8427e

                  SHA1

                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                  SHA256

                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                  SHA512

                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                  Download Submit

                • /data/user/0/mgqys.leybnsdfpngzljpsbshnxkf.xzbyugsdu/app_DynamicOptDex/rQc.json
                  Filesize

                  750KB

                  MD5

                  f7663ead36986c3817799aa5848d8e4d

                  SHA1

                  05a07c288646818dd832f818de9621543abb5ab7

                  SHA256

                  04f53b2431c89a4b839b3ba87fba1f196bd35c619f76114f3b5f0e6c86427641

                  SHA512

                  9552bc756f6d17bc49b48fcd1353e38a7fc8648a6ead03f98fd29de252f643a906ba6f5920ea3d3c6ef152a51d3a39eb7a07822e5c0e3d5a6e713b1801218c48

                  Download Submit

                • /data/user/0/mgqys.leybnsdfpngzljpsbshnxkf.xzbyugsdu/app_DynamicOptDex/rQc.json
                  Filesize

                  750KB

                  MD5

                  d1c726a946963c912eddb011d3650d1e

                  SHA1

                  e0a8702098a591ab9dcb955977ac9381757a2b60

                  SHA256

                  e4c6167efb22cfb40d89b72d3edf3f8c7cc0a0cb1b5fd213bc549e0174561abf

                  SHA512

                  78db15fa989fab3af7372dc3d533882afa167a055dd8aa087fbcf0965dafdb9a1b90341c2bfc45e28a11069b275486ca03dcbb19ca85d1fe7b7c7e8f9e0b8f31

                  Download Submit

                • /data/user/0/mgqys.leybnsdfpngzljpsbshnxkf.xzbyugsdu/app_DynamicOptDex/rQc.json
                  Filesize

                  750KB

                  MD5

                  d1c726a946963c912eddb011d3650d1e

                  SHA1

                  e0a8702098a591ab9dcb955977ac9381757a2b60

                  SHA256

                  e4c6167efb22cfb40d89b72d3edf3f8c7cc0a0cb1b5fd213bc549e0174561abf

                  SHA512

                  78db15fa989fab3af7372dc3d533882afa167a055dd8aa087fbcf0965dafdb9a1b90341c2bfc45e28a11069b275486ca03dcbb19ca85d1fe7b7c7e8f9e0b8f31

                  Download Submit