alienbot | cc5f4a18e941c2fa4a18eef960d33d1a117ad25c58cd918d41fccf16c3e0097e

Analysis

Target

cc5f4a18e941c2fa4a18eef960d33d1a117ad25c58cd918d41fccf16c3e0097e.apk
Size

336KB
MD5

2029dc4e50b8ef17073bca6c129afd1b
SHA1

c36f206e599359cbf9a64b409713c5d21c6d5009
SHA256

cc5f4a18e941c2fa4a18eef960d33d1a117ad25c58cd918d41fccf16c3e0097e
SHA512

9ec1d1425c2e051d4c75f9db17918fff1a3dbacfa22827f9cd2ab320a1e75f1703e0da98f63cf49a4eff93a92c8c4452d4de1687f7bd7f5b8e05d1fccd498421

Score

10^/10

Family

alienbot

http://digitalmark.top

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.yzqzuyhrdwemb.tcyuqwk

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.yzqzuyhrdwemb.tcyuqwk
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.yzqzuyhrdwemb.tcyuqwk

Acquires the wake lock. 1 IoCs

Processes:

com.yzqzuyhrdwemb.tcyuqwk

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yzqzuyhrdwemb.tcyuqwk

com.yzqzuyhrdwemb.tcyuqwk
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
PID:6831
- getprop ro.miui.ui.version.name
  2⤵
  PID:7116
- getprop ro.miui.ui.version.name
  2⤵
  PID:7234
- getprop ro.miui.ui.version.name
  2⤵
  PID:7277
- getprop ro.miui.ui.version.name
  2⤵
  PID:7331
- getprop ro.miui.ui.version.name
  2⤵
  PID:7362
- getprop ro.miui.ui.version.name
  2⤵
  PID:7400
- getprop ro.miui.ui.version.name
  2⤵
  PID:7437