Overview

overview

10

Static

static

7

F1E42FDF34...C5.apk

android_x86

10

F1E42FDF34...C5.apk

android_x64

10

F1E42FDF34...C5.apk

android_x64

10

Analysis

  • max time kernel
    596445s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02-06-2022 08:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    F1E42FDF3428E1252F5A8256A1DEDFCF777A8078FF5A0EFF143B2D0210E5F5C5.apk

  • Size

    1.9MB

  • MD5

    8697fdccda7b06aba78aea207702dad7

  • SHA1

    3f3ba34611a807a7b720e6f48ae86415886ff49d

  • SHA256

    f1e42fdf3428e1252f5a8256a1dedfcf777a8078ff5a0eff143b2d0210e5f5c5

  • SHA512

    b56f4c8e23ade8c9ebcad0f98d8e3c5b0682caac171e60125bd442eaaf680f03444566dd6eac8a2ba84d7fd83a4ac159e620a2b7414b0491c93c9110f47058b5

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://tayyipbey32.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:6255
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6496
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6607

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
        Filesize

        684KB

        MD5

        7b7e6b301de1ef46f587d8b484fea44c

        SHA1

        8c9fd952099d0b0206a19631853105e394593058

        SHA256

        8634414aa75bc944818f334f93ee01c0fdb292cecf1e2f98e7fc396f7e54ffb4

        SHA512

        16d978f1124a7db2f4b763775317a4724071934a2584bdb2ea63d171b3ac045fa570d309a460ff9580cf4f053c9d965bd7d5dfd7d0b77aec2e61acb77e8c67c3

        Download Submit

      • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
        Filesize

        684KB

        MD5

        b481b8198faedabb1bc2e8f4483f190e

        SHA1

        21c3c8ab2d293fdc9541e5c991d7f60c5365974a

        SHA256

        87606a47bcd054bab525740f04dcdd010d5e15641d57ecb6a02c44ab6b2d9aa7

        SHA512

        271b069d8bef2ea844bd5557df6e1530cfcff62c106f78bf46f44d002964fc81e7f5b804925a5748207e15c90d71c44c327e96ade1335a914dbeff185e60afc3

        Download Submit

      • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
        Filesize

        684KB

        MD5

        b481b8198faedabb1bc2e8f4483f190e

        SHA1

        21c3c8ab2d293fdc9541e5c991d7f60c5365974a

        SHA256

        87606a47bcd054bab525740f04dcdd010d5e15641d57ecb6a02c44ab6b2d9aa7

        SHA512

        271b069d8bef2ea844bd5557df6e1530cfcff62c106f78bf46f44d002964fc81e7f5b804925a5748207e15c90d71c44c327e96ade1335a914dbeff185e60afc3

        Download Submit

      • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/oat/hLeQjGN.json.cur.prof
        MD5

        d41d8cd98f00b204e9800998ecf8427e

        SHA1

        da39a3ee5e6b4b0d3255bfef95601890afd80709

        SHA256

        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

        SHA512

        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

        Download Submit