Overview

overview

10

Static

static

Android APK

android_x86_64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4559872520388608.zip

  • Size

    2.7MB

  • Sample

    210317-dqq1saev46

  • MD5

    413152665c5afe4a39d4bc533940c3cb

  • SHA1

    5a0188003193b2ceb1c2a1f7470db08140b4f33f

  • SHA256

    03c55a8f9ee1e6add92b335ca083171573e63bb9807c83f8f1e024e2462f0c38

  • SHA512

    d06a28ea153f52dea8fbc1567509c11e4b31aad27245d33439775557c4b2e9c165dab4380f8aa7eb05878b9f5658caf449e4c14ad2e710150961f23d9b737d97

Score
10/10
alienbotandroidbankerinfostealerobfuscationstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://144.76.217.118

Targets

    • Target

      05c22566c4523736ab7020f3cea35598278a55087c50e485f7357a9a12c64d4b

    • Size

      2.8MB

    • MD5

      eaf02c32bf503e0d19a30451956c1780

    • SHA1

      b0de65b7f43973d42fc45ebc113e9ef86dfe62a5

    • SHA256

      05c22566c4523736ab7020f3cea35598278a55087c50e485f7357a9a12c64d4b

    • SHA512

      140320956d4e8074bee6d1ea5212ffadf50b32b47fc2349bf04e3bfeef82c2ed08d79c6941338e52248a8fb383f889230f78dbec934aba93e0500e4ea870b190

    Score
    10/10
    alienbotbankerinfostealerobfuscationstealthtrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Removes its main activity from the application launcher

      stealthtrojan

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    behavioral1

MITRE ATT&CK Matrix

Tasks