alienbot | 58189275cb8f04c6347ad2036c22bd0cc1a1c973a384bb99a98fb86782a7acfb

Analysis

max time kernel
2731097s
max time network
156s
platform
android_x64
resource
android-x64-arm64-20220621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
submitted
15-08-2022 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58189275cb8f04c6347ad2036c22bd0cc1a1c973a384bb99a98fb86782a7acfb.apk
Size

3.6MB
MD5

c2346156e936a054e9c2b792825c545f
SHA1

02854f557537b2d9c0a2c7287df639008b034d87
SHA256

58189275cb8f04c6347ad2036c22bd0cc1a1c973a384bb99a98fb86782a7acfb
SHA512

27e5228d8367958f4d0e7f239375a614dede693562a389ab905f9bcfe4eb2b14ee1d37ecf627364c7c5920fd38b0b5406cf119157db9752bd2de59bb2de7cd4c

Score

10^/10

alienbot banker infostealer trojan

Malware Config

Extracted

Family

alienbot

http://0lkoypi8ckkv9e.xyz

Signatures

Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
banker trojan infostealer alienbot

Makes use of the framework's Accessibility service. 3 IoCs

Processes:

com.classic.supposedly

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.classic.supposedly
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.classic.supposedly
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.classic.supposedly

Acquires the wake lock. 1 IoCs

Processes:

com.classic.supposedly

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.classic.supposedly

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.classic.supposedly

ioc	pid	Process
/data/user/0/com.classic.supposedly/app_DynamicOptDex/EDgPLApafeX.json	4983	com.classic.supposedly
/data/user/0/com.classic.supposedly/app_apk/ring0.apk	4983	com.classic.supposedly
/data/user/0/com.classic.supposedly/app_apk/ring0.apk	4983	com.classic.supposedly
/data/user/0/com.classic.supposedly/app_apk/ring0.apk	4983	com.classic.supposedly

com.classic.supposedly
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
PID:4983
- getprop ro.miui.ui.version.name
  2⤵
  PID:5830
- getprop ro.miui.ui.version.name
  2⤵
  PID:6042
- getprop ro.miui.ui.version.name
  2⤵
  PID:6217
- getprop ro.miui.ui.version.name
  2⤵
  PID:6339
- getprop ro.miui.ui.version.name
  2⤵
  PID:6415
- getprop ro.miui.ui.version.name
  2⤵
  PID:7103
- getprop ro.miui.ui.version.name
  2⤵
  PID:7277

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.classic.supposedly/app_DynamicOptDex/EDgPLApafeX.json

Filesize
657KB

MD5
e6e8da1a93ece0ae8a4544468c173cc2

SHA1
c72769b88bc5a18bee91283cc5410c96c3a0682e

SHA256
5705c4a1aa483cb829fbd79c304b04b5b27b5eca82df1431330b63aeb1eab3fe

SHA512
9c57d7713a728838535e577da96e8e934d3e8b9111d78ff5ff16d30a0b2f67106999b5892574a5f8a8f8c452a53826e950743f0785a2cdae037bc2a4a71d8354

Download Submit
/data/user/0/com.classic.supposedly/app_DynamicOptDex/EDgPLApafeX.json

Filesize
897KB

MD5
1a9f03d9f148d4a798b7ac8bd57251f9

SHA1
134f8aaf0bd10ccb23f8534ab3a8d2041bdcd2c6

SHA256
e19721382ee647de087fbbef629759ab6f9e43dafbe5a5aeb8c44e1c68893fa8

SHA512
36d5c86625c9ddecfd437ae7be57889235b917986886d778c9fec0f302c0e6f9e429bc8b4c03632bce4fc43a8b0536fea5f591d74b3442c61383e00cf3c6f78d

Download Submit
/data/user/0/com.classic.supposedly/app_DynamicOptDex/oat/EDgPLApafeX.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.classic.supposedly/app_apk/oat/ring0.apk.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.classic.supposedly/app_apk/ring0.apk

Filesize
1.0MB

MD5
39c078219b90944989e6422da3a0bd87

SHA1
a646c3f75e5216358ba94687f22ae8accbced171

SHA256
b7e579fd4084562b71c019a2e8593294039a60617b458e228cc2a4bc7f47ba3d

SHA512
7a776ea04f01cc283241021cd80f292d14868fb2e99f0beef794ec0e3a8d45eafca86e0e071f6e1f71e1697c9edb2928e06ab57978a2aa2b85c7d09344eb1a67

Download Submit
/data/user/0/com.classic.supposedly/app_apk/ring0.apk

Filesize
2.0MB

MD5
1adcf4bc6d6f6d480c55d7be7229d119

SHA1
42956d5705b6ef33bb273cfa760224fd3aeaf23b

SHA256
ceb7e826a55395e9c3a05c9035f670de8fc368946383ea7729f3f8baf6d32b64

SHA512
9a25aff46cc9de5552927e20124df6fa14b7ca0793947362a302814127e9ce210bd5958a056e3eb2d6d3a338a84b86bffd0284b7de4ddeed252b91e5bab380c4

Download Submit
/data/user/0/com.classic.supposedly/app_apk/ring0.apk

Filesize
2.0MB

MD5
1adcf4bc6d6f6d480c55d7be7229d119

SHA1
42956d5705b6ef33bb273cfa760224fd3aeaf23b

SHA256
ceb7e826a55395e9c3a05c9035f670de8fc368946383ea7729f3f8baf6d32b64

SHA512
9a25aff46cc9de5552927e20124df6fa14b7ca0793947362a302814127e9ce210bd5958a056e3eb2d6d3a338a84b86bffd0284b7de4ddeed252b91e5bab380c4

Download Submit
/data/user/0/com.classic.supposedly/app_apk/ring0.apk

Filesize
2.0MB

MD5
1adcf4bc6d6f6d480c55d7be7229d119

SHA1
42956d5705b6ef33bb273cfa760224fd3aeaf23b

SHA256
ceb7e826a55395e9c3a05c9035f670de8fc368946383ea7729f3f8baf6d32b64

SHA512
9a25aff46cc9de5552927e20124df6fa14b7ca0793947362a302814127e9ce210bd5958a056e3eb2d6d3a338a84b86bffd0284b7de4ddeed252b91e5bab380c4

Download Submit