alienbot | 9afb2fd955dcb5668148b0f9c311ff130c996dc549834bc9cfcab2d652fa9adc

Analysis

max time kernel
4168619s
max time network
166s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
24-05-2022 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9afb2fd955dcb5668148b0f9c311ff130c996dc549834bc9cfcab2d652fa9adc.apk
Size

1.9MB
MD5

5cc2a048c2ae4db2f40b05c81d480ba5
SHA1

1c94950ba4b204721f4da889d9b9035990d638f5
SHA256

9afb2fd955dcb5668148b0f9c311ff130c996dc549834bc9cfcab2d652fa9adc
SHA512

8d934d984d411fd3dc872e89fee358064d9bc44287bc7c8d9c24ae4b1433688d7e849ca2144e14af51344b75b9481c685a9bb79439f69fbe2b368105d4282377

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://cokomellatomalarko.top

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

rbrxthoqamnr.daih.uzcgqxwmacponb

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	rbrxthoqamnr.daih.uzcgqxwmacponb
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	rbrxthoqamnr.daih.uzcgqxwmacponb

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

rbrxthoqamnr.daih.uzcgqxwmacponb

ioc	pid	Process
/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/bW.json	5842	rbrxthoqamnr.daih.uzcgqxwmacponb
/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/bW.json	5842	rbrxthoqamnr.daih.uzcgqxwmacponb

rbrxthoqamnr.daih.uzcgqxwmacponb
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:5842
- getprop ro.miui.ui.version.name
  2⤵
  PID:5988
- getprop ro.miui.ui.version.name
  2⤵
  PID:6133
- getprop ro.miui.ui.version.name
  2⤵
  PID:6174
- getprop ro.miui.ui.version.name
  2⤵
  PID:6247
- getprop ro.miui.ui.version.name
  2⤵
  PID:6283
- getprop ro.miui.ui.version.name
  2⤵
  PID:6318
- getprop ro.miui.ui.version.name
  2⤵
  PID:6354

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/bW.json

Filesize
645KB

MD5
28d1c822b953c7dccbacaeb59b7d41a6

SHA1
2c056408fd9b944a1af96c0e3243cdf239239c18

SHA256
b2883d3454fa18ea21455e1234344fbf3570847885df6d8a32890c97754adaf2

SHA512
91ed37afb46d0b344643f162c542bcd58a439fd8e5e13164d5cc129faa335b8166a78339c3641384ee37bf12699d891e758ea3e93991b24ae7b01bd43f00e0d0

Download Submit
/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/bW.json

Filesize
645KB

MD5
9b135a33d7a3e08a51183dde5a3cbbde

SHA1
2665f0f41e23ec9ab8bdf5b7d7eee33337ab24a8

SHA256
14bec07721b620e91648d9db793910c74b6307c63abffcdc0f0b2c7cf31cea43

SHA512
b4d075b1dea1e56b97fb009b60bde9229adaf99d8e69559348af2342f8d327ff40023e06df7b8b2aca1f5b2d074773372a4841a8c3a2e815687660079fc993c0

Download Submit
/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/bW.json

Filesize
645KB

MD5
9b135a33d7a3e08a51183dde5a3cbbde

SHA1
2665f0f41e23ec9ab8bdf5b7d7eee33337ab24a8

SHA256
14bec07721b620e91648d9db793910c74b6307c63abffcdc0f0b2c7cf31cea43

SHA512
b4d075b1dea1e56b97fb009b60bde9229adaf99d8e69559348af2342f8d327ff40023e06df7b8b2aca1f5b2d074773372a4841a8c3a2e815687660079fc993c0

Download Submit
/data/user/0/rbrxthoqamnr.daih.uzcgqxwmacponb/app_DynamicOptDex/oat/bW.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit