alienbot | 486afd2192aa17f4e95da012b549ab70cf2d250a6e7a12210010a6c413c7e2ae | Triage

Analysis

max time kernel
606616s
max time network
168s
platform
android_x64
resource
android-x64-arm64-20220310-en
submitted
02-06-2022 11:17

Sharing

Report Analysis Logs

General

Target

486AFD2192AA17F4E95DA012B549AB70CF2D250A6E7A12210010A6C413C7E2AE.apk
Size

306KB
MD5

63c10ff97b867eade1b841963801b662
SHA1

33062f6c1bcc468bf4a51296b8eeb08fb1a2a03e
SHA256

486afd2192aa17f4e95da012b549ab70cf2d250a6e7a12210010a6c413c7e2ae
SHA512

ec73125fea196e2360472e9f7789ba613638ed35780bfc8c697e02037293f96b1f91000693d6a91a4946997c9d6ae883e99486c46ab31bde43775cb7191d66cd

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://zesasar8.com

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

Processes:

com.ilcyoqlbbgnsetby.vfzfnnzrc

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.ilcyoqlbbgnsetby.vfzfnnzrc
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.ilcyoqlbbgnsetby.vfzfnnzrc

com.ilcyoqlbbgnsetby.vfzfnnzrc
1⤵
- Makes use of the framework's Accessibility service.
PID:6658
- getprop ro.miui.ui.version.name
  2⤵
  PID:6762
- getprop ro.miui.ui.version.name
  2⤵
  PID:6976
- getprop ro.miui.ui.version.name
  2⤵
  PID:7038
- getprop ro.miui.ui.version.name
  2⤵
  PID:7088
- getprop ro.miui.ui.version.name
  2⤵
  PID:7133
- getprop ro.miui.ui.version.name
  2⤵
  PID:7165
- getprop ro.miui.ui.version.name
  2⤵
  PID:7205

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads