Overview

overview

10

Static

static

7

DBA7F022B4...50.apk

android_x86

10

DBA7F022B4...50.apk

android_x64

10

DBA7F022B4...50.apk

android_x64

10

Analysis

  • max time kernel
    675986s
  • max time network
    171s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220310-en
  • submitted
    03/06/2022, 06:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DBA7F022B4CCE63F1717F461AF490637F8F634F75B839EC318BB6866DAC94750.apk

  • Size

    2.0MB

  • MD5

    12258242e922d3d8ee08825f62caf147

  • SHA1

    d9cf92de75b867fbfb79f96d48a35ed760fe40e2

  • SHA256

    dba7f022b4cce63f1717f461af490637f8f634f75b839ec318bb6866dac94750

  • SHA512

    f9cc0733d1e23532ed0b691ba1be794af18d823a782b69a7be492df1eb5cd4512b8839fc13521352d4cb92b8e901d95fed58bf51965144628eaf6adba45b171b

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://ukalasey4.com

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi
    1⤵
    • Makes use of the framework's Accessibility service.
    • Loads dropped Dex/Jar
    PID:5843
    • getprop ro.miui.ui.version.name
      2⤵
        PID:5982
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6130
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6191
          • getprop ro.miui.ui.version.name
            2⤵
              PID:6233
            • getprop ro.miui.ui.version.name
              2⤵
                PID:6275
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:6312
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:6343

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json
                  Filesize

                  669KB

                  MD5

                  d52a6da47a4955b10dab9633c65ce78a

                  SHA1

                  54003ee8f4a2a80ffa52eb237f82028ad8417ec8

                  SHA256

                  38e865990c9053cdf2779aa05197a52df15ba686f85c6f7ae5558184bee1e256

                  SHA512

                  5595de98ffe624c966999471fdd2a6110aac82732760c143bc64f3663fac99c8b5ceee73506a7c5c2a86764da7751ad0f7d4b3cdb79a344106dbc529537bde58

                  Download Submit

                • /data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json
                  Filesize

                  669KB

                  MD5

                  2e8cef20b2f5413ec81bb56efac5df33

                  SHA1

                  df1efcd0993f583f701d477086e16c923bababef

                  SHA256

                  43e09e150daa063922cb75072597e7ad5d5fcb8e34f59691a5d9d479cec727b1

                  SHA512

                  3dd4a88b48e02dcf0b4752ae704dbff2bc3aaceba771e5cc323318323f98ac52eb33e67243b8be0fa4b35ab69d5311294a6689ebd83fa3a9b4d38cf5c138f2d7

                  Download Submit

                • /data/user/0/saoucydedyery.wkg.ycrorpyjoshzrmjbqbbybyi/app_DynamicOptDex/rPwDcm.json
                  Filesize

                  669KB

                  MD5

                  2e8cef20b2f5413ec81bb56efac5df33

                  SHA1

                  df1efcd0993f583f701d477086e16c923bababef

                  SHA256

                  43e09e150daa063922cb75072597e7ad5d5fcb8e34f59691a5d9d479cec727b1

                  SHA512

                  3dd4a88b48e02dcf0b4752ae704dbff2bc3aaceba771e5cc323318323f98ac52eb33e67243b8be0fa4b35ab69d5311294a6689ebd83fa3a9b4d38cf5c138f2d7

                  Download Submit