General

  • Target

    Android_update20.5.apk

  • Size

    3.5MB

  • Sample

    210322-csts9v1lla

  • MD5

    da37ad165c23e8351975e1e93c6c6b0e

  • SHA1

    8e3bf72cf845477023213c12a2297f47de8bee67

  • SHA256

    18a65a4a2f2a090779878504bd199de8c2b74ddccfd74d213ac91c36d5db0582

  • SHA512

    c70da19c784420eab78d533a620a3fd32119d5990cb9b7cfbcce30d424849dfe5128dde01b21d8b22b1a2973e8f0f8a591ba7479f8e65526c84d59a2e8816084

Malware Config

Extracted

Family

alienbot

C2

http://trafpop22.xyz

Targets

    • Target

      Android_update20.5.apk

    • Size

      3.5MB

    • MD5

      da37ad165c23e8351975e1e93c6c6b0e

    • SHA1

      8e3bf72cf845477023213c12a2297f47de8bee67

    • SHA256

      18a65a4a2f2a090779878504bd199de8c2b74ddccfd74d213ac91c36d5db0582

    • SHA512

      c70da19c784420eab78d533a620a3fd32119d5990cb9b7cfbcce30d424849dfe5128dde01b21d8b22b1a2973e8f0f8a591ba7479f8e65526c84d59a2e8816084

    • Alienbot

      Alienbot is an Android banking trojan forked from the Cerberus banker, first seen in January 2020.

    • Removes its main activity from the application launcher

      Disables its own launcher activity after install so the icon disappears from the app drawer, making the app harder for the victim to find and uninstall.

    • Loads dropped Dex/Jar

      Loads and executes a DEX/JAR file that the sample wrote to the device during analysis (runtime code loading, typically via DexClassLoader), which often means the real payload is not present in the APK's own classes.dex.
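The following is an added triage helper, not code from the sandbox or from this report. It (1) computes the four digests listed above in one pass over the file and compares them in constant time against the reported values, so a second analyst can confirm they hold the same sample before trusting the C2 and behaviour notes; (2) scans every classes*.dex inside the APK for string-table markers of the two behaviours flagged above (launcher-activity disabling via PackageManager.setComponentEnabledSetting, and runtime DEX loading via the dalvik.system class loaders); and (3) pulls the host out of the extracted C2 URL for a blocklist. The marker strings are my own heuristic choices, and the APK used for the demo is a constructed stand-in (a zip with a fake classes.dex), not the real sample.

```python
import hashlib
import hmac
import io
import re
import zipfile
from urllib.parse import urlsplit

# Digests published for Android_update20.5.apk in this report.
REPORTED_DIGESTS = {
    "md5": "da37ad165c23e8351975e1e93c6c6b0e",
    "sha1": "8e3bf72cf845477023213c12a2297f47de8bee67",
    "sha256": "18a65a4a2f2a090779878504bd199de8c2b74ddccfd74d213ac91c36d5db0582",
    "sha512": "c70da19c784420eab78d533a620a3fd32119d5990cb9b7cfbcce30d424849dfe"
              "5128dde01b21d8b22b1a2973e8f0f8a591ba7479f8e65526c84d59a2e8816084",
}

# Extracted C2 from the report's malware config.
REPORTED_C2 = "http://trafpop22.xyz"

# Heuristic markers (my choice, not report signatures). Android method names
# and class descriptors land verbatim in the DEX string table, so a raw byte
# search is enough for an unobfuscated DEX.
DEX_INDICATORS = {
    "hides_launcher_icon": [
        b"setComponentEnabledSetting",
        b"COMPONENT_ENABLED_STATE_DISABLED",
    ],
    "dynamic_dex_loading": [
        b"Ldalvik/system/DexClassLoader;",
        b"Ldalvik/system/PathClassLoader;",
        b"Ldalvik/system/InMemoryDexClassLoader;",
    ],
}


def digest_stream(fp, chunk_size=1 << 20):
    """md5/sha1/sha256/sha512 of a file object, read once in chunks."""
    hashes = {name: hashlib.new(name) for name in REPORTED_DIGESTS}
    for chunk in iter(lambda: fp.read(chunk_size), b""):
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digest_bytes(data):
    return digest_stream(io.BytesIO(data))


def digests_match(actual, expected):
    """True only if every expected digest is present and equal (constant-time)."""
    return all(hmac.compare_digest(actual.get(k, ""), v) for k, v in expected.items())


def c2_hostname(url):
    """Host part of a C2 URL, for DNS/proxy blocklists."""
    return urlsplit(url).hostname


def scan_apk_dex(apk_bytes):
    """Map indicator category -> [(dex entry, marker)] found inside the APK."""
    found = {name: [] for name in DEX_INDICATORS}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for entry in zf.namelist():
            if not re.fullmatch(r"classes\d*\.dex", entry):
                continue
            data = zf.read(entry)
            for category, patterns in DEX_INDICATORS.items():
                for pat in patterns:
                    if pat in data:
                        found[category].append((entry, pat.decode()))
    return found


def triage(apk_bytes, expected=REPORTED_DIGESTS):
    digests = digest_bytes(apk_bytes)
    return {
        "hash_match": digests_match(digests, expected),
        "digests": digests,
        "indicators": scan_apk_dex(apk_bytes),
        "block_host": c2_hostname(REPORTED_C2),
    }


def build_constructed_apk():
    """Constructed stand-in for a sample: a zip whose classes.dex is a byte blob
    carrying a DEX magic and the marker strings. Not the real file."""
    fake_dex = (
        b"dex\n035\x00" + b"\x00" * 32
        + b"Landroid/content/pm/PackageManager;\x00"
        + b"setComponentEnabledSetting\x00"
        + b"Ldalvik/system/DexClassLoader;\x00"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", fake_dex)
    return buf.getvalue()


if __name__ == "__main__":
    # On a real sample: triage(open("Android_update20.5.apk", "rb").read())
    print(triage(build_constructed_apk()))
```

On the constructed stand-in, hash_match is false (it is not the reported file) while both indicator categories fire. On a real packed sample the markers may live only in the dropped DEX, which is exactly what the "Loads dropped Dex/Jar" signature describes, so treat a clean static scan of the outer APK as inconclusive and run the dropped file through the same scan.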
