alienbot | dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311

Analysis

max time kernel
615598s
max time network
153s
platform
android_x86
resource
android-x86-arm-20220310-en
submitted
02/06/2022, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DEC340EEB4C335F5F5D49180BA48256217F743EF9C355A10F0E4F43EE15A4311.apk
Size

1.9MB
MD5

345c01f117d5dcbe54cb2a7a73d878d6
SHA1

5f55a8e0ff4ece709e2868c58f87db11c45ffb18
SHA256

dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311
SHA512

3709847d0ed7885aef46e6b8aafb601230dd0288e82f6aea05ff099b8d34af315bc0b36f849d38f38d0ebd58008182ecdef7e237473c40982103d3f44160a67f

Score

10^/10

alienbot banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

http://dreambufadfuxla.xyz

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 2 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json	5046	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json	5101	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/oat/x86/HPwR.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json	5046	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia

mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:5046
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/oat/x86/HPwR.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:5101

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json

Filesize
704KB

MD5
11ecae4cc9eaa72e0c1f0d12e6afc689

SHA1
a45936b4045bb6b28c1f7c20132f3c5ab6d19596

SHA256
7aebc234c54e3f119d74403df38d64cacc712856564b5c2927967cc77d775821

SHA512
b3369b027e1a6d147602e5f067f5f97ff01377df07ad411af6f9e00e5e4fdad9933d8d3ba5f742c2018f10cba6c01d5af940e33ee917651c71ee28f678e9c9c3

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json

Filesize
704KB

MD5
77fedad313dbf1c835c63c7a6a4a59b1

SHA1
d0116a59ce85c86cf0c244a2f35185b3c1a5e4d2

SHA256
2eb94978be0c985dcd97c5f5d6236115dc37b4e7f7eccff5196b9911e40fe321

SHA512
dc135919a6c6d23aa1e8d621783ea580a31d3a8cd029e9d022cdba7b83a1cf6f875d411af24e120621b4d071894845552ccd32975adba3ab599c5b37b3542b20

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json

Filesize
704KB

MD5
b839aea153d3da40ba306593da2f373a

SHA1
7a3a78af9cc70512aae2ae36e81af2a84ea4716d

SHA256
2c9b7a8766f527711b608e2ef3299ac93136f598f4bcb8002dae582f1e8a471a

SHA512
6e15843da3b6de706b1774904c742fc143fe86695c874026afd801bad57c8ffab36c0f5a48cd5a3b65782dcef7595056b100278569aaf5443dabf9946f604f57

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json

Filesize
704KB

MD5
77fedad313dbf1c835c63c7a6a4a59b1

SHA1
d0116a59ce85c86cf0c244a2f35185b3c1a5e4d2

SHA256
2eb94978be0c985dcd97c5f5d6236115dc37b4e7f7eccff5196b9911e40fe321

SHA512
dc135919a6c6d23aa1e8d621783ea580a31d3a8cd029e9d022cdba7b83a1cf6f875d411af24e120621b4d071894845552ccd32975adba3ab599c5b37b3542b20

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
6638ff779b40a77d85a2107825a51c84

SHA1
b106cae26b9175c13c01c54c9a20a0b71ff9ffd9

SHA256
d8feeea50f70e70edd76ea079a855d1836a8b6391eea21eb62461a9c44ebfe15

SHA512
33cc1aac7d3002ee03aed398d1a3f51a066c5cf979b67d8bba979c22822d3ac0ded95f46fe8de1c8c27d769889a58cf73d5aaa03413686b84cd47ee3ab8644b3

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_webview/Web Data-journal

Filesize
1KB

MD5
69b0ad97010b55ce97d72671d6258543

SHA1
32f81473bfe3a563d59e7591ce30431f944cad4a

SHA256
0e3e647764d2ba52afaa5388bc721b27b52b677aaf1303f5b1034c1caab6d8d1

SHA512
36742ee8b0d02a8f51fc983ac34f4db9dd378d2aeac556678ed4ab16d9a92689bf3d34ba59398a5e4964e961a87cbdac5eef798816f456edf3c96345e5f41786

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_webview/metrics_guid

Filesize
36B

MD5
9a1388133559971693b90a57354d81e9

SHA1
b66e1747d484e26fdb7b308635027eed46cb9a49

SHA256
36eaf1579e22f5098197f25a031cd6a0ec418f4a3340ad76067060146a1efcd7

SHA512
1b5c1fe2c44fbe3b3e04ef74d8b3950dff8f815451cd424af87aaabbd7c96fff61d35deebb2b66027cc25d3537a71b9a200f2353204c6e70fe4bb38c2be68f8b

Download Submit
/data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit