alienbot | 416b8132857e150bbb4b8dab7ffe94d28d13c485efeb54afe2e58ccca7361d42

Analysis

max time kernel
608869s
max time network
162s
platform
android_x64
resource
android-x64-20220310-en
submitted
02-06-2022 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

416B8132857E150BBB4B8DAB7FFE94D28D13C485EFEB54AFE2E58CCCA7361D42.apk
Size

2.4MB
MD5

f065d7db0a94da8f2556f094245baf21
SHA1

45ec5c68a522c1f8806a0b467fb8a89bb0fc57e9
SHA256

416b8132857e150bbb4b8dab7ffe94d28d13c485efeb54afe2e58ccca7361d42
SHA512

9b3e0e85fb6a2db82d8d16b17756b02367cd64e85cd4a3d3f569c60719ed61f4f4cfe010186473819a617e3d6a5ba678093af24dbc3152eb1a2c9a2105aaab8b

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://kucsas2.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd

ioc	pid	Process
/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json	6283	ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd
/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json	6283	ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd

ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd
1⤵
- Loads dropped Dex/Jar
PID:6283
- getprop ro.miui.ui.version.name
  2⤵
  PID:6358
- getprop ro.miui.ui.version.name
  2⤵
  PID:6466
- getprop ro.miui.ui.version.name
  2⤵
  PID:6511
- getprop ro.miui.ui.version.name
  2⤵
  PID:6561
- getprop ro.miui.ui.version.name
  2⤵
  PID:6613
- getprop ro.miui.ui.version.name
  2⤵
  PID:6652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json

Filesize
610KB

MD5
04ba0b0fe366b58c33e7d13d757ce320

SHA1
2412a790bcec41d7fc1ff2ad7f16e50938fe56df

SHA256
c0d92b5532c8e216d6ec94d552343839797e5a56c3a204e8a845ea5c5c5e1cdf

SHA512
00508b7df303d2e6ceeaf4f7c4fbfe9ff4c512da515f5d67fb3d89b51f291df4c0809bd9f3231bbed7628975f63c699f3311bc107ce331d52d80e4e975e771e7

Download Submit
/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json

Filesize
610KB

MD5
bf063aa2119c8a4dc6f3cc781ffed21a

SHA1
7cacf797b5e7f6e94ddb1920f38095fbeaca02dc

SHA256
4a2a9a37989ad92b6e1c31d4f5d10769ac4e870a4ab3ab189ba90360121ce07d

SHA512
088df9cacbbbe8741793c08ef0ceaba94483176de53740c45fb9970782eaf9dcd7465686e9e1233ddd408f0726336789872a6224f4cf16d62fed8b94b566ae69

Download Submit
/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json

Filesize
610KB

MD5
bf063aa2119c8a4dc6f3cc781ffed21a

SHA1
7cacf797b5e7f6e94ddb1920f38095fbeaca02dc

SHA256
4a2a9a37989ad92b6e1c31d4f5d10769ac4e870a4ab3ab189ba90360121ce07d

SHA512
088df9cacbbbe8741793c08ef0ceaba94483176de53740c45fb9970782eaf9dcd7465686e9e1233ddd408f0726336789872a6224f4cf16d62fed8b94b566ae69

Download Submit
/data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/oat/jw.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit