Overview

overview

10

Static

static

7

C387776CA8...D5.apk

android_x86

10

C387776CA8...D5.apk

android_x64

10

C387776CA8...D5.apk

android_x64

10

Analysis

  • max time kernel
    607170s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02/06/2022, 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    C387776CA83F974B07F761497887DFFFC7676E6098FA9574E27560CF84E1EBD5.apk

  • Size

    2.0MB

  • MD5

    32b235614bf9e2bac4d2df27d8361afa

  • SHA1

    2b021cb06aa3985796181c221e678821d31b5b4f

  • SHA256

    c387776ca83f974b07f761497887dfffc7676e6098fa9574e27560cf84e1ebd5

  • SHA512

    0730b9224809b6d06d860c2ed6d510fee99cc1685206f8e93c3a8009544e4d9d5711ab58a820ac030db4835138f038d75a059e0e61f54bdeed6574663862e1b0

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://kurutses11.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • pfbsl.hhfblgimarotrxhbgzrxhmlzb.leaslqsej
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6931
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7102
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7229

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /data/user/0/pfbsl.hhfblgimarotrxhbgzrxhmlzb.leaslqsej/app_DynamicOptDex/TMLx.json
        Filesize

        741KB

        MD5

        1c69a04bbdf15c9416a33b737c935994

        SHA1

        da49991636e879f8b618c9a87a8decf1937c0b1e

        SHA256

        9b6e47c1dfc1c27f5de7ea9e7246f86d5043ec9d3f35681db9883eac4600452d

        SHA512

        0b13343a44f4345152993c26ea56853a531c3f7a938b9f1a895a1e53ec70b0c61cdf1844df338bb38ed6b039fa3aae261ed76d9ad07010d4051b0e99d293fbb6

        Download Submit

      • /data/user/0/pfbsl.hhfblgimarotrxhbgzrxhmlzb.leaslqsej/app_DynamicOptDex/TMLx.json
        Filesize

        741KB

        MD5

        5018addba04da8b5200d604454bb0434

        SHA1

        156fdc702a7197ee8d992b00a98dcf261ae649b1

        SHA256

        18faa9b570b5becab15d5443cf7b560294236368033e8d8b12c34846b7bbcc84

        SHA512

        e5f1880bc60bcbc5a9cc18b9066e3db6fd69751284cac3e56a09fdfa7775e083a09e542d3df8b362c79cd676e5d30345be2f613d1e7d364640055656c79456f5

        Download Submit

      • /data/user/0/pfbsl.hhfblgimarotrxhbgzrxhmlzb.leaslqsej/app_DynamicOptDex/TMLx.json
        Filesize

        741KB

        MD5

        5018addba04da8b5200d604454bb0434

        SHA1

        156fdc702a7197ee8d992b00a98dcf261ae649b1

        SHA256

        18faa9b570b5becab15d5443cf7b560294236368033e8d8b12c34846b7bbcc84

        SHA512

        e5f1880bc60bcbc5a9cc18b9066e3db6fd69751284cac3e56a09fdfa7775e083a09e542d3df8b362c79cd676e5d30345be2f613d1e7d364640055656c79456f5

        Download Submit