Overview

overview

10

Static

static

7

72B5189810...84.apk

android_x86

10

72B5189810...84.apk

android_x64

10

72B5189810...84.apk

android_x64

10

Analysis

  • max time kernel
    607581s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02/06/2022, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72B51898101BF056AE7249FF1E4A132AAFB278038042955462205F014B4EE284.apk

  • Size

    1.8MB

  • MD5

    4eef0535ceddc82a99da8f0af9fce315

  • SHA1

    286e6a7055bf7dc8ece72af2912cde9ee5de6d72

  • SHA256

    72b51898101bf056ae7249ff1e4a132aafb278038042955462205f014b4ee284

  • SHA512

    d116d6b42e3d8089cf425036f8ba6571804a96fe83d32af7445893c73c5b48ac0e330f8e4fd7d55810b6b7097a9b80d48555d18d99ee05b01f1f817f8615e740

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://aykutugottenelmasisikten5.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • yept.rjurmkfnmkgnmjmqep.ulttzyu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:7094
    • getprop ro.miui.ui.version.name
      2⤵
        PID:7177
      • getprop ro.miui.ui.version.name
        2⤵
          PID:7230
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7340
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7391
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7429
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7479
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7534

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/yept.rjurmkfnmkgnmjmqep.ulttzyu/app_DynamicOptDex/GwICUSQ.json
                  Filesize

                  700KB

                  MD5

                  f4765d597b83cde9f7c89707753f0102

                  SHA1

                  c79a499b092e5474f02828e5e3b78c9d56fee674

                  SHA256

                  53b7021ffda57d15ae5545d9a91a9e00272266385b33e9b8682edac6c806f97e

                  SHA512

                  1df08106024e60dadaf902aa6d6498ef374d00c2426191fb5b13fba3239fed8cccdd60a81b12b7e8b593460559e993b89307520a952690f197a070f405132c07

                  Download Submit

                • /data/user/0/yept.rjurmkfnmkgnmjmqep.ulttzyu/app_DynamicOptDex/GwICUSQ.json
                  Filesize

                  700KB

                  MD5

                  4275e18857c04162c6941952a53366f3

                  SHA1

                  12c50ea5652ae92dba272a8e6725a88b344acf9c

                  SHA256

                  1d9a340f8cb3b19ebc0315ceeaf387ccbbe6be7e57a64287001fadaf4ba272eb

                  SHA512

                  11020bced8550ce33f9af9557ab22a33bb00b2ea162ae4e3f870dc640bcf35ecc23791fa2cca6ecd2c4995a7c30241d760b68a98efd1cf21ce118eee9006d2e3

                  Download Submit

                • /data/user/0/yept.rjurmkfnmkgnmjmqep.ulttzyu/app_DynamicOptDex/GwICUSQ.json
                  Filesize

                  700KB

                  MD5

                  4275e18857c04162c6941952a53366f3

                  SHA1

                  12c50ea5652ae92dba272a8e6725a88b344acf9c

                  SHA256

                  1d9a340f8cb3b19ebc0315ceeaf387ccbbe6be7e57a64287001fadaf4ba272eb

                  SHA512

                  11020bced8550ce33f9af9557ab22a33bb00b2ea162ae4e3f870dc640bcf35ecc23791fa2cca6ecd2c4995a7c30241d760b68a98efd1cf21ce118eee9006d2e3

                  Download Submit