alienbot | 35bc5fb59d33e48cc86b9df91ad92d7bd826e7cbfaeb65ceb901318b0652ceb7

Analysis

max time kernel
609701s
max time network
166s
platform
android_x64
resource
android-x64-20220310-en
submitted
02-06-2022 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35BC5FB59D33E48CC86B9DF91AD92D7BD826E7CBFAEB65CEB901318B0652CEB7.apk
Size

1.8MB
MD5

b1bd9844707d455e9e2710aacfc30b68
SHA1

215f3e25bb47c47f55bea88adf51e77f97ad6295
SHA256

35bc5fb59d33e48cc86b9df91ad92d7bd826e7cbfaeb65ceb901318b0652ceb7
SHA512

0b172b2acfab85a968a83a09ad45046e1831e96196ffb66f32f49bbfeb9f64c0dbd5ef13efefe2453fbbe9ad9b4bff6100b38b3987de7b282feacfb4dfdadf97

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://konusuyonyapraam.cyou

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

wizoejwr.bbxjeugyx.izjmksif

ioc	pid	Process
/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/EXDbJ.json	6305	wizoejwr.bbxjeugyx.izjmksif
/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/EXDbJ.json	6305	wizoejwr.bbxjeugyx.izjmksif

wizoejwr.bbxjeugyx.izjmksif
1⤵
- Loads dropped Dex/Jar
PID:6305
- getprop ro.miui.ui.version.name
  2⤵
  PID:6431
- getprop ro.miui.ui.version.name
  2⤵
  PID:6526
- getprop ro.miui.ui.version.name
  2⤵
  PID:6595
- getprop ro.miui.ui.version.name
  2⤵
  PID:6628
- getprop ro.miui.ui.version.name
  2⤵
  PID:6677
- getprop ro.miui.ui.version.name
  2⤵
  PID:6715
- getprop ro.miui.ui.version.name
  2⤵
  PID:6765

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/EXDbJ.json

Filesize
728KB

MD5
767867387b8491f8fdd2ee21944d57ac

SHA1
33836774734c6b9e096bb1e9613c718440fffd95

SHA256
bf25e086a66e00fd017ca7d7a28a7d877b91f0c66a9662745df5a83e8c718c25

SHA512
6046fea407ffff3fe2b9f504ffc505ea5b91be91d8cf6d8f133a6e5a7366dddc633e4f18a7cdeebcb5997f6d0af8d80aa2c01531c2e6b804244367ea86808c40

Download Submit
/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/EXDbJ.json

Filesize
728KB

MD5
657b6faea43f6b7842eb496a0a8f78e5

SHA1
b7e35c8024136114d84d48e20b6f98298fb20418

SHA256
b197c2a988d33367a894747f9c0b00e8d101b1cfaef8367431ad915a84f97e80

SHA512
2396d2e6af19460c90a7f2497d3255e424a9a166c4a051acf7328607174e445675ba732d210e9ca397d9246a35b18a8f29184810f94e07fca457d43f9e1dc82f

Download Submit
/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/EXDbJ.json

Filesize
728KB

MD5
657b6faea43f6b7842eb496a0a8f78e5

SHA1
b7e35c8024136114d84d48e20b6f98298fb20418

SHA256
b197c2a988d33367a894747f9c0b00e8d101b1cfaef8367431ad915a84f97e80

SHA512
2396d2e6af19460c90a7f2497d3255e424a9a166c4a051acf7328607174e445675ba732d210e9ca397d9246a35b18a8f29184810f94e07fca457d43f9e1dc82f

Download Submit
/data/user/0/wizoejwr.bbxjeugyx.izjmksif/app_DynamicOptDex/oat/EXDbJ.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit