General

  • Target

    Android_Guncelleme.apk

  • Size

    2.6MB

  • Sample

    210810-bsyrlggqms

  • MD5

    8e79a030f8d469ae4622f01ebd23b03c

  • SHA1

    c3c24988f549f8e299d9e105b1b732d9dfe24827

  • SHA256

    4d49e4bab298eb01ccb503a8db2cd19b523268de3af458631106932749a125ef

  • SHA512

    fb96cc465e9798eccb29a270822085fab5a35d3a1c75dc69cc4abeedc6ff0ae81e5754e698821dc1b46d9589ab138d95519332b64a289ae0667414ce58fdad2d

Malware Config

Extracted

Family

alienbot

C2

http://buralarnelerhkaldadad.club

Targets

    • Target

      Android_Guncelleme.apk

    • Size

      2.6MB

    • MD5

      8e79a030f8d469ae4622f01ebd23b03c

    • SHA1

      c3c24988f549f8e299d9e105b1b732d9dfe24827

    • SHA256

      4d49e4bab298eb01ccb503a8db2cd19b523268de3af458631106932749a125ef

    • SHA512

      fb96cc465e9798eccb29a270822085fab5a35d3a1c75dc69cc4abeedc6ff0ae81e5754e698821dc1b46d9589ab138d95519332b64a289ae0667414ce58fdad2d

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.

MITRE ATT&CK Matrix

Tasks