Overview

overview

10

Static

static

7

416B813285...42.apk

android_x86

10

416B813285...42.apk

android_x64

10

416B813285...42.apk

android_x64

10

Analysis

  • max time kernel
    676017s
  • max time network
    156s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    03/06/2022, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    416B8132857E150BBB4B8DAB7FFE94D28D13C485EFEB54AFE2E58CCCA7361D42.apk

  • Size

    2.4MB

  • MD5

    f065d7db0a94da8f2556f094245baf21

  • SHA1

    45ec5c68a522c1f8806a0b467fb8a89bb0fc57e9

  • SHA256

    416b8132857e150bbb4b8dab7ffe94d28d13c485efeb54afe2e58ccca7361d42

  • SHA512

    9b3e0e85fb6a2db82d8d16b17756b02367cd64e85cd4a3d3f569c60719ed61f4f4cfe010186473819a617e3d6a5ba678093af24dbc3152eb1a2c9a2105aaab8b

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://kucsas2.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:6332
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6493
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6609
        • getprop ro.miui.ui.version.name
          2⤵
            PID:7405
          • getprop ro.miui.ui.version.name
            2⤵
              PID:7472
            • getprop ro.miui.ui.version.name
              2⤵
                PID:7512
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:7555
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:7585

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json
                  Filesize

                  610KB

                  MD5

                  04ba0b0fe366b58c33e7d13d757ce320

                  SHA1

                  2412a790bcec41d7fc1ff2ad7f16e50938fe56df

                  SHA256

                  c0d92b5532c8e216d6ec94d552343839797e5a56c3a204e8a845ea5c5c5e1cdf

                  SHA512

                  00508b7df303d2e6ceeaf4f7c4fbfe9ff4c512da515f5d67fb3d89b51f291df4c0809bd9f3231bbed7628975f63c699f3311bc107ce331d52d80e4e975e771e7

                  Download Submit

                • /data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json
                  Filesize

                  610KB

                  MD5

                  bf063aa2119c8a4dc6f3cc781ffed21a

                  SHA1

                  7cacf797b5e7f6e94ddb1920f38095fbeaca02dc

                  SHA256

                  4a2a9a37989ad92b6e1c31d4f5d10769ac4e870a4ab3ab189ba90360121ce07d

                  SHA512

                  088df9cacbbbe8741793c08ef0ceaba94483176de53740c45fb9970782eaf9dcd7465686e9e1233ddd408f0726336789872a6224f4cf16d62fed8b94b566ae69

                  Download Submit

                • /data/user/0/ulslbqm.pzsnyylkjuhkhpctscfjwntn.ssdsweseezd/app_DynamicOptDex/jw.json
                  Filesize

                  610KB

                  MD5

                  bf063aa2119c8a4dc6f3cc781ffed21a

                  SHA1

                  7cacf797b5e7f6e94ddb1920f38095fbeaca02dc

                  SHA256

                  4a2a9a37989ad92b6e1c31d4f5d10769ac4e870a4ab3ab189ba90360121ce07d

                  SHA512

                  088df9cacbbbe8741793c08ef0ceaba94483176de53740c45fb9970782eaf9dcd7465686e9e1233ddd408f0726336789872a6224f4cf16d62fed8b94b566ae69

                  Download Submit