Analysis
-
max time kernel
149s -
max time network
153s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
08-02-2024 22:05
General
-
Target
e05619e7cfffe56f175a1bd2dda5fddca2d53c016615538be87f6a1e7c7cc0aa.apk
-
Size
785KB
-
MD5
774f48222eed4f8fa61d3429b5a15f7f
-
SHA1
eae8822d463fb2f81f24fc62fa0595e24457a282
-
SHA256
e05619e7cfffe56f175a1bd2dda5fddca2d53c016615538be87f6a1e7c7cc0aa
-
SHA512
3c0df9825efe9a2ce208cfffd4a9220509b1255e213c01fe8a98c2a83c28bf5fcd5f015d2d23bdcbe896a2c9cb7bdd5731268072a7c7481ef677b66e485f9db1
-
SSDEEP
12288:wMuGOsU8xN9Zo1yCQzoqKqRazgLx9+0qwF11bnZ84S8EH8EYZpZM/Im98/Im9B:w0xfsbBqRaMC0q4jbn3hEcEH/d98/d9B
Score
10/10
Malware Config
Extracted
Family
alienbot
C2
http://91.210.169.114/
AES_key
Signatures
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Makes use of the framework's Accessibility service 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.sakkkwyl.ncceberwpdhfq1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)