alienbot | 7c834908030f6884afde99b50812f20ccd5253ae1df1d9370a2d0a201014af0b

Analysis

max time kernel
2560188s
max time network
149s
platform
android_x64
resource
android-x64-20220621-en
submitted
25-06-2022 01:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c834908030f6884afde99b50812f20ccd5253ae1df1d9370a2d0a201014af0b.apk
Size

1.5MB
MD5

292c9e26ffe79e019bb67c1a4cf53d77
SHA1

65c4ce134b9221c59a923f3c5f06cad528edb0fd
SHA256

7c834908030f6884afde99b50812f20ccd5253ae1df1d9370a2d0a201014af0b
SHA512

4d863adc866d9f07c51310f3f651ac3d0bf144708addf9aa04f5aa005901eb9a5553c20aa21e12de17f6b250d15933f3897e5b59cc402b153d0095fec82bb898

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://odry.london

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp

ioc	pid	process
/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/IQm.json	6121	fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp
/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/IQm.json	6121	fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp

fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp
1⤵
- Loads dropped Dex/Jar
PID:6121
- getprop ro.miui.ui.version.name
  2⤵
  PID:6332
- getprop ro.miui.ui.version.name
  2⤵
  PID:6751
- getprop ro.miui.ui.version.name
  2⤵
  PID:6864
- getprop ro.miui.ui.version.name
  2⤵
  PID:6977
- getprop ro.miui.ui.version.name
  2⤵
  PID:7012
- getprop ro.miui.ui.version.name
  2⤵
  PID:7047

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/IQm.json

Filesize
658KB

MD5
4f0ed2c40656977fa8cea45e0f351e09

SHA1
99dae1e4ceb6928d041695a11af394cdf5d0b1d7

SHA256
c5be51f04478f51cc1f997e3bb389b3faae35738890e199bccfb198df435cf81

SHA512
5898c5d1dc66015af97972d9a8f1801fb41e712ecfcad7007a03c82ee3e9a182d169490941ede5ee1b32405b35b028d3a6dd689b08e413f9f7ee60de871c98d1

Download Submit
/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/IQm.json

Filesize
658KB

MD5
94ce26115df1664aa1adf1a05682deba

SHA1
bf4b0171c70ca56559bb219312bf53023cf1ad18

SHA256
0c03c7d4b144b7b2b95f0d5335ef4fcd5a9b8b74bb0a65f747392f9117f6afe9

SHA512
eefac54b5aeb6a4b629f9a925101be9a3192834a1248b3f129c6a04a9227740d0a3c4ebd98c610ddfa304ecedc4a086134d35142e80676a5b1775e2a357634b9

Download Submit
/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/IQm.json

Filesize
658KB

MD5
94ce26115df1664aa1adf1a05682deba

SHA1
bf4b0171c70ca56559bb219312bf53023cf1ad18

SHA256
0c03c7d4b144b7b2b95f0d5335ef4fcd5a9b8b74bb0a65f747392f9117f6afe9

SHA512
eefac54b5aeb6a4b629f9a925101be9a3192834a1248b3f129c6a04a9227740d0a3c4ebd98c610ddfa304ecedc4a086134d35142e80676a5b1775e2a357634b9

Download Submit
/data/user/0/fethqzabypgsytcqkccz.jqinmjugfzjojibhbwmz.tsxjdhotcktyfgqoiapzgjwugp/app_DynamicOptDex/oat/IQm.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit