General

  • Target

    Chrome.apk

  • Size

    3.3MB

  • Sample

    210420-9x88fyc4lj

  • MD5

    f8e0945bc2a8ef95c5bd18e6f36b3391

  • SHA1

    5c08e35fd47dc9bae76c6bf583dbe753ab928dbe

  • SHA256

    e7a22f856cd48632eb60ec41bb54a6d35e423215e201497b48875f1443ba3a30

  • SHA512

    6cd4fe29f309b48048f070dda57d24cba10be3f1ca4459893e427ee180442c72793624d54e5ae5ef6fe90e7bf9e07c9f6f27045d693f3d84294aae6c7d3e889b

Malware Config

Extracted

Family

alienbot

C2

http://alfemhaykanesimec.site

Targets

    • Alienbot

      Alienbot is a fork of the Cerberus banking trojan, first seen in January 2020.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.
