General

  • Target

    Android_Guncelleme.apk

  • Size

    2.9MB

  • Sample

    210811-eradtspyje

  • MD5

    fbadda1aea91b50a5adc6b855b8bbfa4

  • SHA1

    80df44dcf743100119e8acbd936a7651887061bd

  • SHA256

    d5686b96ed9847a7b5184b70ef9401c3295f50682ad12a9127eb87ec4b4d2feb

  • SHA512

    97a117024efcb7e076bce91950784a0ceacd8573a286d69164e21ba662e9957f429ad5121e68c4920b24649c6b326fce6327aa920cbd4c9e6041605ba4ecd7b8

Malware Config

Extracted

Family

alienbot

C2

http://194.163.136.78
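The hashes and extracted C2 above are the indicators a responder actually reuses, so the following script (an added example, not code from the sandbox or from the original report) parses a constructed copy of those report fields, sanity-checks the hash formats, turns the C2 URL into a host/port pair for a blocklist, and verifies a local file against the reported digests. The REPORT text is a copy of the page's own values; the command-line usage is an assumption of the example.

```python
"""Pull the IOCs out of a Triage-style report and verify a sample against them.

Added example, not code from the original report or the sandbox vendor.
The REPORT text below is a constructed copy of the fields shown on the page.
"""
import hashlib
import re
import sys
from urllib.parse import urlparse

REPORT = """\
Target
Android_Guncelleme.apk
MD5
fbadda1aea91b50a5adc6b855b8bbfa4
SHA1
80df44dcf743100119e8acbd936a7651887061bd
SHA256
d5686b96ed9847a7b5184b70ef9401c3295f50682ad12a9127eb87ec4b4d2feb
SHA512
97a117024efcb7e076bce91950784a0ceacd8573a286d69164e21ba662e9957f429ad5121e68c4920b24649c6b326fce6327aa920cbd4c9e6041605ba4ecd7b8
Family
alienbot
C2
http://194.163.136.78
"""

# Expected hex-digest lengths for the four hashes the report lists.
HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Turn the label/value line pairs into a dict keyed by lower-cased label."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    return {label.lower(): value for label, value in zip(lines[0::2], lines[1::2])}


def validate_hashes(iocs):
    """Names of hash fields whose value is not hex of the expected length."""
    bad = []
    for name, length in HASH_LENGTHS.items():
        value = iocs.get(name)
        if value is not None and not re.fullmatch(r"[0-9a-f]{%d}" % length, value.lower()):
            bad.append(name)
    return bad


def c2_indicator(url):
    """Split the extracted C2 URL into (host, port) for blocklists and network detection."""
    parsed = urlparse(url)
    port = parsed.port or (443 if parsed.scheme == "https" else 80)
    return parsed.hostname, port


def file_hashes(data):
    """Compute the same four digests over in-memory bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in HASH_LENGTHS}


def verify_sample(data, iocs):
    """Hash names that disagree with the report; an empty list means the file matches."""
    actual = file_hashes(data)
    return [n for n in HASH_LENGTHS if n in iocs and iocs[n].lower() != actual[n]]


if __name__ == "__main__":
    # Assumed usage: python verify_iocs.py <path-to-sample.apk>
    iocs = parse_report(REPORT)
    print("family:", iocs["family"], "c2:", c2_indicator(iocs["c2"]))
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            mismatched = verify_sample(fh.read(), iocs)
        print("hash mismatches:", mismatched or "none")
```

Checking all four digests rather than MD5 alone matters when a sample is re-shared: an MD5 match on its own is weak evidence that the file you hold is the one that was detonated.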

Targets

    • Target

      Android_Guncelleme.apk

    • Size

      2.9MB

    • MD5

      fbadda1aea91b50a5adc6b855b8bbfa4

    • SHA1

      80df44dcf743100119e8acbd936a7651887061bd

    • SHA256

      d5686b96ed9847a7b5184b70ef9401c3295f50682ad12a9127eb87ec4b4d2feb

    • SHA512

      97a117024efcb7e076bce91950784a0ceacd8573a286d69164e21ba662e9957f429ad5121e68c4920b24649c6b326fce6327aa920cbd4c9e6041605ba4ecd7b8

    • Alienbot

      Alienbot (also tracked as Alien) is an Android banking trojan forked from the Cerberus banker and first seen in January 2020. The extracted config above ties this sample to the family and to its C2 at http://194.163.136.78. The lure filename Android_Guncelleme.apk reads as "Android update" (güncelleme is Turkish for "update").

    • Loads dropped Dex/Jar

      At runtime the sample loads a DEX or JAR file that it wrote to the device during analysis (dynamic code loading through a class loader such as DexClassLoader), so the payload that matters may not be present in the APK's own classes.dex and static analysis of the original file alone can miss it.

    • Reads name of network operator

      Queries the Android telephony API (typically TelephonyManager.getNetworkOperatorName()) for the carrier name, a common device-fingerprinting step that bankers use before checking in or selecting targets.
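The two behavioural signatures above correspond to concrete Android API references that show up in decompiled smali. The following heuristic scanner (an added example, not the sandbox's detection logic) greps smali text for the class-loader constructors and telephony getters behind those behaviours and reports which signature each hit belongs to. The class loaders and telephony methods are real Android APIs; which of them the sandbox actually keys on is an assumption, and the SMALI fragment is constructed for the example.

```python
"""Heuristic static check for the two flagged behaviours over decompiled smali.

Added example, not the sandbox's own detection logic. The API references are
the standard Android/Dalvik ones; the SMALI text is constructed for the example.
"""
import re
import sys

# Signature name -> regexes for the smali method references that would trigger it.
# These are real Android APIs; which of them the sandbox keys on is an assumption.
SIGNATURES = {
    "Loads dropped Dex/Jar": [
        r"Ldalvik/system/DexClassLoader;-><init>",
        r"Ldalvik/system/PathClassLoader;-><init>",
        r"Ldalvik/system/InMemoryDexClassLoader;-><init>",
    ],
    "Reads name of network operator": [
        r"Landroid/telephony/TelephonyManager;->getNetworkOperatorName\(",
        r"Landroid/telephony/TelephonyManager;->getSimOperatorName\(",
    ],
}

# Constructed smali fragment resembling the code that produces the two signatures.
SMALI = """\
.method private loadPayload(Ljava/lang/String;)V
    new-instance v0, Ldalvik/system/DexClassLoader;
    invoke-virtual {p0}, Landroid/content/Context;->getCodeCacheDir()Ljava/io/File;
    move-result-object v2
    invoke-virtual {v2}, Ljava/io/File;->getAbsolutePath()Ljava/lang/String;
    move-result-object v2
    const/4 v3, 0x0
    invoke-virtual {p0}, Landroid/content/Context;->getClassLoader()Ljava/lang/ClassLoader;
    move-result-object v4
    invoke-direct {v0, p1, v2, v3, v4}, Ldalvik/system/DexClassLoader;-><init>(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;Ljava/lang/ClassLoader;)V
    return-void
.end method

.method private carrierName()Ljava/lang/String;
    const-string v0, "phone"
    invoke-virtual {p0, v0}, Landroid/content/Context;->getSystemService(Ljava/lang/String;)Ljava/lang/Object;
    move-result-object v1
    check-cast v1, Landroid/telephony/TelephonyManager;
    invoke-virtual {v1}, Landroid/telephony/TelephonyManager;->getNetworkOperatorName()Ljava/lang/String;
    move-result-object v2
    return-object v2
.end method
"""


def scan_smali(text):
    """Return {signature: [(line_no, matched_line), ...]} for every hit in the text."""
    hits = {name: [] for name in SIGNATURES}
    for no, line in enumerate(text.splitlines(), start=1):
        for name, patterns in SIGNATURES.items():
            if any(re.search(p, line) for p in patterns):
                hits[name].append((no, line.strip()))
    return hits


def triggered(text):
    """Names of the signatures with at least one hit, in SIGNATURES order."""
    return [name for name, found in scan_smali(text).items() if found]


if __name__ == "__main__":
    # Assumed usage: python scan_smali.py <decompiled.smali>; defaults to the embedded sample.
    source = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SMALI
    for name, found in scan_smali(source).items():
        for no, line in found:
            print(f"{name}: line {no}: {line}")
```

A hit on the class-loader constructor only tells you the app can load code at runtime; the path argument (here taken from a caller-supplied string and the code cache directory) is what you chase to find the dropped DEX the sandbox observed.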

MITRE ATT&CK Matrix

Tasks