Overview

overview

10

Static

static

7

F1E42FDF34...C5.apk

android_x86

10

F1E42FDF34...C5.apk

android_x64

10

F1E42FDF34...C5.apk

android_x64

10

Analysis

  • max time kernel
    609041s
  • max time network
    172s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    02-06-2022 11:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    F1E42FDF3428E1252F5A8256A1DEDFCF777A8078FF5A0EFF143B2D0210E5F5C5.apk

  • Size

    1.9MB

  • MD5

    8697fdccda7b06aba78aea207702dad7

  • SHA1

    3f3ba34611a807a7b720e6f48ae86415886ff49d

  • SHA256

    f1e42fdf3428e1252f5a8256a1dedfcf777a8078ff5a0eff143b2d0210e5f5c5

  • SHA512

    b56f4c8e23ade8c9ebcad0f98d8e3c5b0682caac171e60125bd442eaaf680f03444566dd6eac8a2ba84d7fd83a4ac159e620a2b7414b0491c93c9110f47058b5

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://tayyipbey32.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    PID:6656
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6882
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6999
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7055
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7107
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7152
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7185
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7223

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
                  Filesize

                  684KB

                  MD5

                  7b7e6b301de1ef46f587d8b484fea44c

                  SHA1

                  8c9fd952099d0b0206a19631853105e394593058

                  SHA256

                  8634414aa75bc944818f334f93ee01c0fdb292cecf1e2f98e7fc396f7e54ffb4

                  SHA512

                  16d978f1124a7db2f4b763775317a4724071934a2584bdb2ea63d171b3ac045fa570d309a460ff9580cf4f053c9d965bd7d5dfd7d0b77aec2e61acb77e8c67c3

                  Download Submit

                • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
                  Filesize

                  684KB

                  MD5

                  b481b8198faedabb1bc2e8f4483f190e

                  SHA1

                  21c3c8ab2d293fdc9541e5c991d7f60c5365974a

                  SHA256

                  87606a47bcd054bab525740f04dcdd010d5e15641d57ecb6a02c44ab6b2d9aa7

                  SHA512

                  271b069d8bef2ea844bd5557df6e1530cfcff62c106f78bf46f44d002964fc81e7f5b804925a5748207e15c90d71c44c327e96ade1335a914dbeff185e60afc3

                  Download Submit

                • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/hLeQjGN.json
                  Filesize

                  684KB

                  MD5

                  b481b8198faedabb1bc2e8f4483f190e

                  SHA1

                  21c3c8ab2d293fdc9541e5c991d7f60c5365974a

                  SHA256

                  87606a47bcd054bab525740f04dcdd010d5e15641d57ecb6a02c44ab6b2d9aa7

                  SHA512

                  271b069d8bef2ea844bd5557df6e1530cfcff62c106f78bf46f44d002964fc81e7f5b804925a5748207e15c90d71c44c327e96ade1335a914dbeff185e60afc3

                  Download Submit

                • /data/user/0/oyyrcoyjrstuqwlouscqfharzjz.mrzwgwsaihou.onoljdka/app_DynamicOptDex/oat/hLeQjGN.json.cur.prof
                  MD5

                  d41d8cd98f00b204e9800998ecf8427e

                  SHA1

                  da39a3ee5e6b4b0d3255bfef95601890afd80709

                  SHA256

                  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                  SHA512

                  cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                  Download Submit