General

  • Target

    Porno_Izle.apk

  • Size

    2.8MB

  • Sample

    210811-rr6gln1yk6

  • MD5

    24b12a6b58a37dfa57a7563883efabea

  • SHA1

    0a93e315530ac6a65f701869bebfd48c7ca40486

  • SHA256

    afa85eacbcb9e4cb13d962449663ca0060eae579b33e0806c9ddecdc8d095830

  • SHA512

    e6ba864194558ee1afd82e2edf84412e76c45f3c4d31f07f241bf29fbedaceca855b29e31ef283ab536c7533e326218ccb3a3201634fc23e83fc29f7cfd77cf6

Malware Config

Extracted

Family

alienbot

C2

http://194.163.136.78

Targets

    • Target

      Porno_Izle.apk

    • Size

      2.8MB

    • MD5

      24b12a6b58a37dfa57a7563883efabea

    • SHA1

      0a93e315530ac6a65f701869bebfd48c7ca40486

    • SHA256

      afa85eacbcb9e4cb13d962449663ca0060eae579b33e0806c9ddecdc8d095830

    • SHA512

      e6ba864194558ee1afd82e2edf84412e76c45f3c4d31f07f241bf29fbedaceca855b29e31ef283ab536c7533e326218ccb3a3201634fc23e83fc29f7cfd77cf6

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.

MITRE ATT&CK Matrix

Tasks