Overview

overview

10

Static

static

7

A44B03EA43...CB.apk

android_x86

10

A44B03EA43...CB.apk

android_x64

10

A44B03EA43...CB.apk

android_x64

Analysis

  • max time kernel
    679628s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20220310-en
  • submitted
    03/06/2022, 06:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A44B03EA43C561095E1D0C6385BA00D86E02EE8AD33C0DAC1D6B9D5F073AE9CB.apk

  • Size

    2.0MB

  • MD5

    d4fd334971337b0296ec3141c80499b0

  • SHA1

    4bac68cba4c1a2744f3a0d1505f287bb13f75e71

  • SHA256

    a44b03ea43c561095e1d0c6385ba00d86e02ee8ad33c0dac1d6b9d5f073ae9cb

  • SHA512

    654edeccd100c0c89619d2f262ec9eb780ece5c7e80074e16fff0876c5a3307cbd9a3f04fd4af8556608ba823fc3efe52966dc07c8f5e82619381de91c791cc2

Score
10/10
alienbotbankerinfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://dreambufadfuxla.xyz

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

Processes

  • cgiritcdrcrlgexjqzundrw.rmrzmqycqjiaagb.xmpuqzpefasgunqucqaphmdoasq
    1⤵
    • Loads dropped Dex/Jar
    PID:6381
    • getprop ro.miui.ui.version.name
      2⤵
        PID:6455
      • getprop ro.miui.ui.version.name
        2⤵
          PID:6560
        • getprop ro.miui.ui.version.name
          2⤵
            PID:6605
          • getprop ro.miui.ui.version.name
            2⤵
              PID:6640
            • getprop ro.miui.ui.version.name
              2⤵
                PID:6699
              • getprop ro.miui.ui.version.name
                2⤵
                  PID:6734
                • getprop ro.miui.ui.version.name
                  2⤵
                    PID:6788

                Network

                MITRE ATT&CK Matrix

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /data/user/0/cgiritcdrcrlgexjqzundrw.rmrzmqycqjiaagb.xmpuqzpefasgunqucqaphmdoasq/app_DynamicOptDex/APSqP.json
                  Filesize

                  663KB

                  MD5

                  840776009386597ed595a2e54db83cf4

                  SHA1

                  13636149ed38a11d7131e009b75c6f5dd8256865

                  SHA256

                  f702f7a7eec6aa74e660ceb99a337f923337d5c08d2915c71d9365ee84506f56

                  SHA512

                  a576eae97c358783465a9434833485b4e73188e9a309606e80fd89ce8c3ebc0d6e05f33afef11642b1924acd3c9ce796f0539c63cf25df6920c2ff48972fbd11

                  Download Submit

                • /data/user/0/cgiritcdrcrlgexjqzundrw.rmrzmqycqjiaagb.xmpuqzpefasgunqucqaphmdoasq/app_DynamicOptDex/APSqP.json
                  Filesize

                  663KB

                  MD5

                  a5b4a0e001486ffbfb098ad41b42aca8

                  SHA1

                  c14748fcc292923e46f460e1aa0fc61056f7535f

                  SHA256

                  3e8a1200bf40f1b349d9ba37a0079546f76df09a93a6957446b397bac443f98b

                  SHA512

                  1ea8824625a457ccec2eccf9b17781a71c582a05634793ae6eae2d8b4dc08ab74e151a1028c0b9742c6dd94abee76cb1edefffceede73d408ca241aa738a9a9b

                  Download Submit

                • /data/user/0/cgiritcdrcrlgexjqzundrw.rmrzmqycqjiaagb.xmpuqzpefasgunqucqaphmdoasq/app_DynamicOptDex/APSqP.json
                  Filesize

                  663KB

                  MD5

                  a5b4a0e001486ffbfb098ad41b42aca8

                  SHA1

                  c14748fcc292923e46f460e1aa0fc61056f7535f

                  SHA256

                  3e8a1200bf40f1b349d9ba37a0079546f76df09a93a6957446b397bac443f98b

                  SHA512

                  1ea8824625a457ccec2eccf9b17781a71c582a05634793ae6eae2d8b4dc08ab74e151a1028c0b9742c6dd94abee76cb1edefffceede73d408ca241aa738a9a9b

                  Download Submit