General

  • Target

    Porno_Izle.apk

  • Size

    2.8MB

  • Sample

    210810-b3a2cpx1f6

  • MD5

    a2112d3c6b589061b7c97fc2df9ee154

  • SHA1

    34e5b6a7785a08570a0aac4f12f64f8cff4d8274

  • SHA256

    8f408002a2c7305f6eff6b076043660b1fc29e7dc265a9fff0421a86081b987a

  • SHA512

    ed95d1ec68e4632816943595ba2a8ccb5452b9a654d3898155e02e3cb5d94f4ae115e6aa0ffc29284a5f4964623ec1c59c92cc20a77b77665faedb3e7060df1b

Malware Config

Extracted

  • Family

    alienbot

  • C2

    http://194.163.136.78

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.
