alienbot | dba7f022b4cce63f1717f461af490637f8f634f75b839ec318bb6866dac94750

Analysis

max time kernel
606290s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
02-06-2022 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DBA7F022B4CCE63F1717F461AF490637F8F634F75B839EC318BB6866DAC94750.apk
Size

2.0MB
MD5

12258242e922d3d8ee08825f62caf147
SHA1

d9cf92de75b867fbfb79f96d48a35ed760fe40e2
SHA256

dba7f022b4cce63f1717f461af490637f8f634f75b839ec318bb6866dac94750
SHA512

f9cc0733d1e23532ed0b691ba1be794af18d823a782b69a7be492df1eb5cd4512b8839fc13521352d4cb92b8e901d95fed58bf51965144628eaf6adba45b171b

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://ukalasey4.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi

ioc	pid	Process
/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json	6985	saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi
/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json	6985	saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi

saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
PID:6985
- getprop ro.miui.ui.version.name
  2⤵
  PID:7089
- getprop ro.miui.ui.version.name
  2⤵
  PID:7214
- getprop ro.miui.ui.version.name
  2⤵
  PID:7257
- getprop ro.miui.ui.version.name
  2⤵
  PID:7311

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/oat/rPwDcm.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json

Filesize
669KB

MD5
d52a6da47a4955b10dab9633c65ce78a

SHA1
54003ee8f4a2a80ffa52eb237f82028ad8417ec8

SHA256
38e865990c9053cdf2779aa05197a52df15ba686f85c6f7ae5558184bee1e256

SHA512
5595de98ffe624c966999471fdd2a6110aac82732760c143bc64f3663fac99c8b5ceee73506a7c5c2a86764da7751ad0f7d4b3cdb79a344106dbc529537bde58

Download Submit
/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json

Filesize
669KB

MD5
2e8cef20b2f5413ec81bb56efac5df33

SHA1
df1efcd0993f583f701d477086e16c923bababef

SHA256
43e09e150daa063922cb75072597e7ad5d5fcb8e34f59691a5d9d479cec727b1

SHA512
3dd4a88b48e02dcf0b4752ae704dbff2bc3aaceba771e5cc323318323f98ac52eb33e67243b8be0fa4b35ab69d5311294a6689ebd83fa3a9b4d38cf5c138f2d7

Download Submit
/data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json

Filesize
669KB

MD5
2e8cef20b2f5413ec81bb56efac5df33

SHA1
df1efcd0993f583f701d477086e16c923bababef

SHA256
43e09e150daa063922cb75072597e7ad5d5fcb8e34f59691a5d9d479cec727b1

SHA512
3dd4a88b48e02dcf0b4752ae704dbff2bc3aaceba771e5cc323318323f98ac52eb33e67243b8be0fa4b35ab69d5311294a6689ebd83fa3a9b4d38cf5c138f2d7

Download Submit