General

  • Target

    AndroidGuncelleme.apk

  • Size

    3.2MB

  • Sample

    210820-px56lbwpb6

  • MD5

    e5b027f80c3acb8eb4c59cc23c0942c3

  • SHA1

    fb45ea1bf19cab34ec464b97802f59b9b45073ec

  • SHA256

    a6c11288cb0d8c5129e3cf3b3ab1cb4263b2344acc884dff9da5dbf1027d0b42

  • SHA512

    5c7b0f4cf7b7212dc7b0cd56f3a8459af5a881a375bf3ff0e1ebe58b099fa21c5b39e95cfda703493157c3c56b73504d8b7b8c242c294decdd6ef248cc7897dd

Malware Config

Extracted

Family

alienbot

C2

http://34.89.151.222

Targets

    • Target

      AndroidGuncelleme.apk

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.
