Overview

overview

10

Static

static

7

A4B7579BDB...E3.apk

android_x86

10

A4B7579BDB...E3.apk

android_x64

10

A4B7579BDB...E3.apk

android_x64

10

Analysis

  • max time kernel
    607761s
  • max time network
    165s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02-06-2022 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A4B7579BDB00A60461BE39F8579E12C6B0F2C239547CEDF9F18C5C6ECCFBBCE3.apk

  • Size

    2.0MB

  • MD5

    7b94ddbef59300a54f7d227a5a572335

  • SHA1

    bb24108cb8f295dd9cd211ebe8c8aa704ef9a189

  • SHA256

    a4b7579bdb00a60461be39f8579e12c6b0f2c239547cedf9f18c5c6eccfbbce3

  • SHA512

    fff83fc7cb1cfe316ffb35e3935320c58c2dce292e0dd043227bdd68949b668c5d21b1635416ae8791eee44c31d5cdb85f786cdf8d088923626b158db4e3099b

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://ukalasey.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • izkedmghbqdztn.iinequq.xzic
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:7038
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7146
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7267
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7322
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7363
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7402
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7455
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7488

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/izkedmghbqdztn.iinequq.xzic/app_DynamicOptDex/GrgeQPO.json
                  Filesize

                  703KB

                  MD5

                  e1a3275cbe570a336c066169e7a8e41d

                  SHA1

                  0cc690dd678fc70fe4bbcd8cc35692442eadddd9

                  SHA256

                  3aa437b266ee4c7cea62dee32fb1f6f6ee16bdf6d07c7c66edf274f98ff96fe4

                  SHA512

                  c95e65ee415226b8c36948c50423627db75ca8aab21e5ecb0514cd1999213e9e055245e76b94b7d860f16474bc3dca783306e401d57f0b5c246562e69410a2b5

                  Download Submit

                • /data/user/0/izkedmghbqdztn.iinequq.xzic/app_DynamicOptDex/GrgeQPO.json
                  Filesize

                  703KB

                  MD5

                  792ff833507f0ba71a3436bdb47a8bfd

                  SHA1

                  5e27205380db09df14303f23adb508854704a38f

                  SHA256

                  0780edaaadb40bb021f76f3007666e40d2c25f9c9bb4afad4fcb904e38d44da8

                  SHA512

                  e2eb8e40716d82a629ee8836392cc4415d99b73ad941ce61bfee656b24ee2c4e05923517f5ad29b296877b7902b0f675f57e72b5c3cd6071e651f69abb7213e9

                  Download Submit

                • /data/user/0/izkedmghbqdztn.iinequq.xzic/app_DynamicOptDex/GrgeQPO.json
                  Filesize

                  703KB

                  MD5

                  792ff833507f0ba71a3436bdb47a8bfd

                  SHA1

                  5e27205380db09df14303f23adb508854704a38f

                  SHA256

                  0780edaaadb40bb021f76f3007666e40d2c25f9c9bb4afad4fcb904e38d44da8

                  SHA512

                  e2eb8e40716d82a629ee8836392cc4415d99b73ad941ce61bfee656b24ee2c4e05923517f5ad29b296877b7902b0f675f57e72b5c3cd6071e651f69abb7213e9

                  Download Submit