Overview

overview

10

Static

static

Android APK

android_x86_64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5391053035962368.zip

  • Size

    3.5MB

  • Sample

    210325-pcymcqk5va

  • MD5

    127c362f1c852b803ef8fde739ae65a2

  • SHA1

    15bf6913c54053ab870bf5dc6fbbf506b214986a

  • SHA256

    1f79f445605a9f5651f415de8d472b33a6e2d1a787dc625a95d45a0aab1e1a04

  • SHA512

    2e85719a74faa1ff8bf6d6129aede732b645388d7aa0caa076c4857cccccb448221c4194b16c2884f6b98f1cdcc8650bd6fa682c56de80832c22aac357213bae

Score
10/10
alienbotandroidbankerinfostealerobfuscationstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://ototmootot.com

Targets

    • Target

      e3ae7cb2eaa532da35412d2d96ec08b02a907678f18518c9e7d3dd59ddd96e67

    • Size

      3.6MB

    • MD5

      dea978d07ac311a6e5c98704c01c95c5

    • SHA1

      2443f8e9795088d7277524cef6be6497ca4bc6da

    • SHA256

      e3ae7cb2eaa532da35412d2d96ec08b02a907678f18518c9e7d3dd59ddd96e67

    • SHA512

      c93800347bac73550477cdf5258bac1d760e2ddbf8b3608c2fd71c3b8e0d5f93f48d9decfe529c3b89fb07485c56f04dfc83007dd094803379aa8f61a98a47cf

    Score
    10/10
    alienbotbankerinfostealerobfuscationstealthtrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Removes its main activity from the application launcher

      stealthtrojan

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    behavioral1

MITRE ATT&CK Matrix

Tasks