General

  • Target

    Android_Guncelleme.apk

  • Size

    3.3MB

  • Sample

    210821-kfz5p15jbn

  • MD5

    faece6df07cccc010c8a2eaaca541bab

  • SHA1

    f9f22b1404b8088835371666493fa3f0db2ef71a

  • SHA256

    a0876d4cde77a0378cbf1ce15d188abf397b33e6d836bd5f799c798d311e2906

  • SHA512

    84a11fb311bee827104b09ba6f1ff3433f0fc34a5c24cc363e90c8ccd75f024ae885a2902f7c741a5c3049e9b61acd304218e6ff97d5c1d61c4191f643524980

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

Targets

    • Target

      Android_Guncelleme.apk

    • Size

      3.3MB

    • MD5

      faece6df07cccc010c8a2eaaca541bab

    • SHA1

      f9f22b1404b8088835371666493fa3f0db2ef71a

    • SHA256

      a0876d4cde77a0378cbf1ce15d188abf397b33e6d836bd5f799c798d311e2906

    • SHA512

      84a11fb311bee827104b09ba6f1ff3433f0fc34a5c24cc363e90c8ccd75f024ae885a2902f7c741a5c3049e9b61acd304218e6ff97d5c1d61c4191f643524980

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.

MITRE ATT&CK Matrix

Tasks