Overview

overview

10

Static

static

7

636e6bb160...b9.apk

android_x86

10

636e6bb160...b9.apk

android_x64

10

636e6bb160...b9.apk

android_x64

10

Analysis

  • max time kernel
    470216s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20220310-en
  • submitted
    31-05-2022 21:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    636e6bb1609d32901854c24eff620ad85de622ec631972ddef3f229d3fca68b9.apk

  • Size

    1.5MB

  • MD5

    d4ebe921214d02ca01d3e066c6191514

  • SHA1

    4356fdfada6840feb82cf990416be5fd370471df

  • SHA256

    636e6bb1609d32901854c24eff620ad85de622ec631972ddef3f229d3fca68b9

  • SHA512

    297f70474a6a344475f758ab76100bb9a28fa3ad0047df77739ae91dc223041d63b7adecca75ddc417444c8204fc6195000024ba965398d2b894786aee128e4e

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://hizlisan.xyz/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • com.figure.tonight
    1⤵
    • Loads dropped Dex/Jar
    PID:6219
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6312

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.figure.tonight/app_DynamicOptDex/oXtGyt.json
      Filesize

      238KB

      MD5

      faa76997b37825b6de3dbe8027b2ee8b

      SHA1

      00614d72f39c53745998c23dcce7781e5c9e4b78

      SHA256

      bee9e8dff1c563c8f0c0c4369b334b7391a1f1735606bf05e0b05eb87a09b2f5

      SHA512

      3250251e7e6db9b08d37baf77fc3312133f8f77144569695b4a7446d5e2a7a9c57ac66cee07ad69b7c22591f0153e15418f1b93d150a95065a5978566f018b59

      Download Submit

    • /data/user/0/com.figure.tonight/app_DynamicOptDex/oXtGyt.json
      Filesize

      483KB

      MD5

      9cd4738309775fe7895d8f8fbb3acc6f

      SHA1

      4c5babb67b30c087b8a93f9eb008020516c21917

      SHA256

      f5b45c09f07d06ccfc413bd3e066b4f6da7b289d09397c1695ce0f1808fd18bd

      SHA512

      ca6d5f6db457f15c6ebfd31dfe8ee30e71a84f7d01d59ee1305076ab1e87207568e378dcc78e2b37cf9182b7146376bdc2c35d7ec9daf289681b7132730102c9

      Download Submit

    • /data/user/0/com.figure.tonight/app_DynamicOptDex/oat/oXtGyt.json.cur.prof
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit