Evdeyim.apk

General

Target: Evdeyim.apk
Size: 2MB
Sample: 201212-6jnzdw924j
Score: 10/10
MD5: 3bfd4d18a3ceb4fb378772f1e4d1540c
SHA1: 5f9926d498c3cd78fd99244cdd9f92de3a0eebc1
SHA256: bce447711725ad9106a0094d25220103b1bf4ba83bc247b3662ff4a6bfe9c67e
SHA512: dd841f39db5569e6ab1090eb0633f1370911edea38debc6621b57287d09063450c23a3b3f33b4e93269cda72a5c984537c03219a82cde834b202e5249c333f5a

Malware Config

Extracted

Family: alienbot
C2: http://asf12552fg.xyz

Targets

Target: Evdeyim.apk
Filesize: 2MB
Score: 10/10
MD5: 3bfd4d18a3ceb4fb378772f1e4d1540c
SHA1: 5f9926d498c3cd78fd99244cdd9f92de3a0eebc1
SHA256: bce447711725ad9106a0094d25220103b1bf4ba83bc247b3662ff4a6bfe9c67e
SHA512: dd841f39db5569e6ab1090eb0633f1370911edea38debc6621b57287d09063450c23a3b3f33b4e93269cda72a5c984537c03219a82cde834b202e5249c333f5a

Tags

Signatures

  • Alienbot
    Description: Alienbot is a fork of the Cerberus banker, first seen in January 2020.

  • Removes its main activity from the application launcher

  • Loads dropped Dex/Jar
    Description: Runs an executable file dropped to the device during analysis.

  • Reads name of network operator
    Description: Uses Android APIs to discover system information.

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks