alienbot | f6f8556893eed8e97c92c7d7043a1cb4f14481d43e81c780fc197b3d0291b2a3

Analysis

max time kernel
4138585s
max time network
171s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
24-05-2022 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f6f8556893eed8e97c92c7d7043a1cb4f14481d43e81c780fc197b3d0291b2a3.apk
Size

1.4MB
MD5

493f2107a91f649cbc0e2409e809aa42
SHA1

c1502b9453a5b5a95f9f4357868bd8158913a682
SHA256

f6f8556893eed8e97c92c7d7043a1cb4f14481d43e81c780fc197b3d0291b2a3
SHA512

4fd29abced69840f3117873350df690eea4833fedc8161b18a1382bd06a838f7e920e4f0fa04a9c6e074f2dca9960bdaa90468d660de1fc06a35b69ee032a308

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://easy13.ru.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

oydokcng.nsp.xzkcidsubcn

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	oydokcng.nsp.xzkcidsubcn
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	oydokcng.nsp.xzkcidsubcn

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

oydokcng.nsp.xzkcidsubcn

ioc	pid	Process
/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/LiiMkp.json	7008	oydokcng.nsp.xzkcidsubcn
/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/LiiMkp.json	7008	oydokcng.nsp.xzkcidsubcn

oydokcng.nsp.xzkcidsubcn
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:7008
- getprop ro.miui.ui.version.name
  2⤵
  PID:7176
- getprop ro.miui.ui.version.name
  2⤵
  PID:7263
- getprop ro.miui.ui.version.name
  2⤵
  PID:7329
- getprop ro.miui.ui.version.name
  2⤵
  PID:7362
- getprop ro.miui.ui.version.name
  2⤵
  PID:7397
- getprop ro.miui.ui.version.name
  2⤵
  PID:7447
- getprop ro.miui.ui.version.name
  2⤵
  PID:7496

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/LiiMkp.json

Filesize
679KB

MD5
68b14959a371cabacfb2080f78957ce3

SHA1
cd5d773815d018155072b1cdd066e71fd6f56772

SHA256
0bba5a876e540a2e79c0584f819fd1b7e8cda94500304d99258dc7c66ce7b0dd

SHA512
352607382a588ff3203af943e9817f0c2a8243257dc1b0e9b869a4b4881f5cc12170daf124694ef50485395e71d0b8573c58cafe4007598802e4d9b03f1be61c

Download Submit
/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/LiiMkp.json

Filesize
679KB

MD5
15bf46db77d19affd812057584d54a8e

SHA1
8a13c73c829c3cc86c834d064b9b8daf49b8e8b1

SHA256
cf2a4c95714fdcf6e82f641b0465488a3077a55c516b8ad626dac370eb59f243

SHA512
f0f4b06af52a0fb4b7e211320fe1ca894c51bfa39f93dc40f3bf8b52952acac1a37e9b1e91fab03a7228127af75e25429e1448526f31eabea71a79cb5d2db402

Download Submit
/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/LiiMkp.json

Filesize
679KB

MD5
15bf46db77d19affd812057584d54a8e

SHA1
8a13c73c829c3cc86c834d064b9b8daf49b8e8b1

SHA256
cf2a4c95714fdcf6e82f641b0465488a3077a55c516b8ad626dac370eb59f243

SHA512
f0f4b06af52a0fb4b7e211320fe1ca894c51bfa39f93dc40f3bf8b52952acac1a37e9b1e91fab03a7228127af75e25429e1448526f31eabea71a79cb5d2db402

Download Submit
/data/user/0/oydokcng.nsp.xzkcidsubcn/app_DynamicOptDex/oat/LiiMkp.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit