Overview

overview

10

Static

static

7

7ab51fb206...1f.apk

android-9-x86

10

7ab51fb206...1f.apk

android-10-x64

10

7ab51fb206...1f.apk

android-11-x64

10

Analysis

  • max time kernel
    3210162s
  • max time network
    108s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220621-enlocale:en-usos:android-9-x86system
  • submitted
    21-08-2022 07:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ab51fb20608701fbceecffd076ca81f.apk

  • Size

    1.4MB

  • MD5

    7ab51fb20608701fbceecffd076ca81f

  • SHA1

    49011c5b76a07e4fdd310ce1310e727dcc068268

  • SHA256

    b76dc5d0e102e3c3ea30c6977114e98ab1198e7e8a6556487d375a198b647d7b

  • SHA512

    9b16f418e29ebedd957814285478e57bc254fa4615e13038da05c66d56ef7c78b0cc03a42c50af0cbd76730aca4b6a14cc670137a09520fda394ef0e5fb4ab22

Score
10/10
alienbotbankerevasioninfostealertrojan

Malware Config

Extracted

Family

alienbot

C2

http://aslaolmazdenemyardim.co.vu/

Signatures

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot
  • Makes use of the framework's Accessibility service. 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.foot.aspect
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:4047
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.foot.aspect/app_DynamicOptDex/sloF.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.foot.aspect/app_DynamicOptDex/oat/x86/sloF.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4089

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/oat/sloF.json.cur.prof
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/oat/x86/sloF.odex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/oat/x86/sloF.vdex
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/sloF.json
    Filesize

    238KB

    MD5

    36d4db9a6de79d27ca1b42c4fb6d5b3c

    SHA1

    2905be23838a99ba6261aec086c27a82464be1ad

    SHA256

    855652c1ceaae0e3875635046287d56deba36aaeb882a682372ace6e64b81569

    SHA512

    3a98f50617a1e415921006e16e2c4a6053d311925b816b5cfbaa7d2e1eae6002db83c68f5c4c1549422a3475f3f023b0110a4e9c0ce9cba6d7068de03a9b02c4

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/sloF.json
    Filesize

    483KB

    MD5

    d20bdfdc181433c009a604a1b1519d4a

    SHA1

    82887a97eb57ee58e7ce7f29b10db3a6567df320

    SHA256

    ef9872b60f5c2241a7f3823b9d0368237f6663f8380c425f6f9f98544219cd17

    SHA512

    b697bdd6151b25ce615a3a2127149dee3f82e2ebc2b94b01cc68f16b65d0c8ef2b3b6ee31b72ab289ab649ba9ca7e4a031aa4a4c77cf8bf142c7fc186510c82c

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/sloF.json
    Filesize

    483KB

    MD5

    e524fc1b16216ddd26a5984f1a0c139d

    SHA1

    53be0cda39429abec94f7292af2901786e55a5f6

    SHA256

    a4d9d9aff61762aef4afecfcc4de5c50eabf974d87f518fbeacfc50459bede1c

    SHA512

    fb1a42f5d3343558730551a96738f904c0c3bfe95abb2f8aa6a35ae8b4b92318f38080f3605cc3bd1e2533e9a1a8149c872952fde78c7c44e11a973590cac83f

    Download Submit

  • /data/user/0/com.foot.aspect/app_DynamicOptDex/sloF.json.x86.flock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/GPUCache/index
    Filesize

    20B

    MD5

    93027d42b314432c4216e6cfca48b384

    SHA1

    43448dd8102979c3926828182579691945eedd4e

    SHA256

    3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

    SHA512

    a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/GPUCache/index-dir/temp-index
    Filesize

    48B

    MD5

    55724210623345b1bf14baf3ec6d6583

    SHA1

    fade7bf4408a89a07901af45b28d35e97dbe5f31

    SHA256

    646cf7a68ab88375e2a4d47f59eea2f4e0b6cf8015d39cb0ab0f59e283fb532c

    SHA512

    3b98fb85e6d9dcb77e71b01caa912d4f58d0eb7ef688b5117fc2bef2c98db7abdd5d3ea4b2a1e939ca5edb082df566afc285e5f62af0443e85489c229c195e36

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/Web Data
    Filesize

    104KB

    MD5

    dc79f9ce5f3ab5270b33e61119dfc959

    SHA1

    1844bf222a5144b513dcf2fb50a18c011701c647

    SHA256

    47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

    SHA512

    18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    54f6b503686f205b9b54ac5ba83d7b4f

    SHA1

    dbd13ff678ad11b9b108f2c2b76d74c82733c909

    SHA256

    15d551ab3be68361283efa7112a2f8dde212947b86635ec170a2519f0a161e5b

    SHA512

    3b43482441455ec3b12447af0358ff6ca9b4e4bc2be3d939987e6d6525df0e27597b1523df0633a1cacef3557ae9ee2ca7a8953b4d930033f6bb40884885ee6c

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/metrics_guid
    Filesize

    36B

    MD5

    2a5540c2a7e96a3f6e5782a699ea8b9c

    SHA1

    73ca20e5b07eee6024ad23f25f85163bfb3d80fb

    SHA256

    8d77cd2960def5be90ac9cdf5ee0467b7404389efb3888567264306a7893c411

    SHA512

    825b8c4c36bfd07396f9a33c90409513b7f738bb9b9e41e29efc3f8e2b342fcf9a0cb2fe378d296dd391049db481df70cd0a4d24285328567b194882d97daf93

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/metrics_guid
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/variations_seed_new
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/variations_stamp
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/app_webview/webview_data.lock
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

    Download Submit

  • /data/user/0/com.foot.aspect/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    21223e9184445fe043476484cd8cb1f9

    SHA1

    2b4813f849121d60ba35eb0889080668bb62c778

    SHA256

    bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

    SHA512

    be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

    Download Submit