Overview

overview

10

Static

static

7

DEC340EEB4...11.apk

android_x86

10

DEC340EEB4...11.apk

android_x64

10

DEC340EEB4...11.apk

android_x64

10

Analysis

  • max time kernel
    607493s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02/06/2022, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DEC340EEB4C335F5F5D49180BA48256217F743EF9C355A10F0E4F43EE15A4311.apk

  • Size

    1.9MB

  • MD5

    345c01f117d5dcbe54cb2a7a73d878d6

  • SHA1

    5f55a8e0ff4ece709e2868c58f87db11c45ffb18

  • SHA256

    dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311

  • SHA512

    3709847d0ed7885aef46e6b8aafb601230dd0288e82f6aea05ff099b8d34af315bc0b36f849d38f38d0ebd58008182ecdef7e237473c40982103d3f44160a67f

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://dreambufadfuxla.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:6192
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6928
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7057
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7094
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7146

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json
            Filesize

            704KB

            MD5

            11ecae4cc9eaa72e0c1f0d12e6afc689

            SHA1

            a45936b4045bb6b28c1f7c20132f3c5ab6d19596

            SHA256

            7aebc234c54e3f119d74403df38d64cacc712856564b5c2927967cc77d775821

            SHA512

            b3369b027e1a6d147602e5f067f5f97ff01377df07ad411af6f9e00e5e4fdad9933d8d3ba5f742c2018f10cba6c01d5af940e33ee917651c71ee28f678e9c9c3

            Download Submit

          • /data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json
            Filesize

            704KB

            MD5

            77fedad313dbf1c835c63c7a6a4a59b1

            SHA1

            d0116a59ce85c86cf0c244a2f35185b3c1a5e4d2

            SHA256

            2eb94978be0c985dcd97c5f5d6236115dc37b4e7f7eccff5196b9911e40fe321

            SHA512

            dc135919a6c6d23aa1e8d621783ea580a31d3a8cd029e9d022cdba7b83a1cf6f875d411af24e120621b4d071894845552ccd32975adba3ab599c5b37b3542b20

            Download Submit

          • /data/user/0/mqqpewfahprxcjrfjjqdbss.riweihzkjlogytjcysmcf.cbdcwzazhgqeejqpiyelcapia/app_DynamicOptDex/HPwR.json
            Filesize

            704KB

            MD5

            77fedad313dbf1c835c63c7a6a4a59b1

            SHA1

            d0116a59ce85c86cf0c244a2f35185b3c1a5e4d2

            SHA256

            2eb94978be0c985dcd97c5f5d6236115dc37b4e7f7eccff5196b9911e40fe321

            SHA512

            dc135919a6c6d23aa1e8d621783ea580a31d3a8cd029e9d022cdba7b83a1cf6f875d411af24e120621b4d071894845552ccd32975adba3ab599c5b37b3542b20

            Download Submit