Overview

overview

10

Static

static

7

018c7cb705...b9.apk

android_x86

10

018c7cb705...b9.apk

android_x64

10

018c7cb705...b9.apk

android_x64

10

Analysis

  • max time kernel
    472961s
  • max time network
    77s
  • platform
    android_x86
  • resource
    android-x86-arm-20220310-en
  • submitted
    31-05-2022 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    018c7cb70595ddf5fada24d8ca226d1e8efd2738300087c13189a60c311de8b9.apk

  • Size

    1.1MB

  • MD5

    5fc6b6e3e3489e9820b6a8d5d11f57e0

  • SHA1

    9b1e3231529e9b4d92682342901fe036ffdca928

  • SHA256

    018c7cb70595ddf5fada24d8ca226d1e8efd2738300087c13189a60c311de8b9

  • SHA512

    c5fc59c24bfd783dcf1252447346108d3305d98535b233691845382b69ffa9226a21120a2b50cc5ebd46b58b507e721e1bc3cc74cddbdc4a028a0e9b43127bc5

Score
10/10
alienbotbankerevasioninfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://nnnxxceolmaz.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.library.hollow
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:5159
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.library.hollow/app_DynamicOptDex/CeMmSnF.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.library.hollow/app_DynamicOptDex/oat/x86/CeMmSnF.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:5189

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.library.hollow/app_DynamicOptDex/CeMmSnF.json
    Filesize

    238KB

    MD5

    f5d8865e51ee17215230600c35aa0542

    SHA1

    edf8b823589ed6fc4508a88dd7c8c67fb9c4966a

    SHA256

    260a042b7ba49cdfef7b42bf6f66142004bb767d2352fa4112e590ace74fd81b

    SHA512

    1b21b1107e19d2c09a0f0df77973df0c82f9569070b56ab0d89df5569187a7670055889a6efd4d880cc71de5d3a8c9f5dc4fca28d040053c79104dbd17556ef4

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/CeMmSnF.json
    Filesize

    483KB

    MD5

    91f44f472c7487b5eb465331727a637f

    SHA1

    df1ccf2d379204adc620c24ec3063752071317f4

    SHA256

    5de3819f0d708d7a194f8e4c6c9b69914e0979f7bc21cba022ab02c546c09f76

    SHA512

    d2da99c5900614a667f048975264b67b8087c2428cc065e97b71e71da86960d551f643beeaa2dc322cd4c83c09bbdd6f7854af6f7ba127174bfd199c9db458b0

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/CeMmSnF.json
    Filesize

    483KB

    MD5

    2a7b8d887cc8d4ec1988a108e9e32bd1

    SHA1

    1eaf4c45de142de9c5a31a587bb4c13e06c2f2da

    SHA256

    0e0a0421098a0234bb27d54e616abdb71f496cbca8dd9044abdcc92bb1b9ae3a

    SHA512

    a9066db37e50d83440853feb14e5b2261244049626dcb0a6cfaaf661d3eb7bf57e2e1997e2414ceaed2b53cb6d1b2017c8353de9da359211584e4877c7c58e3e

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/CeMmSnF.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/oat/CeMmSnF.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/oat/x86/CeMmSnF.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_DynamicOptDex/oat/x86/CeMmSnF.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/GPUCache/index
    Filesize

    20B

    MD5

    93027d42b314432c4216e6cfca48b384

    SHA1

    43448dd8102979c3926828182579691945eedd4e

    SHA256

    3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

    SHA512

    a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/GPUCache/index-dir/temp-index
    Filesize

    48B

    MD5

    5a4e87027aa6d3187935d00b18d5bb47

    SHA1

    d58229b0a1953795dff8b264df5a442a00618fd8

    SHA256

    641bfe02e35c30598a54ad912e3150d0bace2404aa5e27a74a0f169c13891a44

    SHA512

    4f68e1b42f0120a408a4c263f21c19c1b06d5c9aa39c6cc1777b8fa92a0329510eacc3fcf32d272d053e965cc5e3be3c2b254107da9dbd1d1da8fca50d1248d5

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/Web Data
    Filesize

    104KB

    MD5

    dc79f9ce5f3ab5270b33e61119dfc959

    SHA1

    1844bf222a5144b513dcf2fb50a18c011701c647

    SHA256

    47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

    SHA512

    18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    28c6583d0b2897573d37a6974558d7e8

    SHA1

    c1d2cad09ce5d7b96f2e3fe29b89437f373679ea

    SHA256

    4d6b03ffc018b2da346136c6912011f738dd59f3cd28da0aa86931b18f84ab64

    SHA512

    55e6845b7338077654a64b21ff070dfd510d2b9e9c4dfe4fcae3828eaaabe971c5c78edd1523c02b16ac3360db6b44eadffe08a91992922b9b6b5a74bcea0be3

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/metrics_guid
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/metrics_guid
    Filesize

    36B

    MD5

    0c5ba522ce7b3015f269e50c8fbe0fcb

    SHA1

    fde531795e13109e26a8d68a19787d7efb2b17ed

    SHA256

    a8bba1476e8c531be392ebf7e748aaebdc6b6b7423ea6ca2eccf270f3a4661e0

    SHA512

    4e0bf793d556e0baa7b3744da4c07fb8153eeb6b08a62e969c46ef41173b68eef2e75ea02538b248a3237d12f280da6cf951cd1e673f0787e0db2fcef0b98aae

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/variations_seed_new
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/variations_stamp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/app_webview/webview_data.lock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.library.hollow/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    21223e9184445fe043476484cd8cb1f9

    SHA1

    2b4813f849121d60ba35eb0889080668bb62c778

    SHA256

    bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

    SHA512

    be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

    Download Submit