General

  • Target

    AndroidGuncelleme.apk

  • Size

    3.3MB

  • Sample

    210821-zjclk4days

  • MD5

    46fdb068ce8eda8fce387134a4fd4172

  • SHA1

    2f56a65676d377f552a86a4482ee1bf104d05b09

  • SHA256

    8e168f31f3bf0564d11b01e180d301f41e3582a89efc5ca15ed40a402c0ca3dd

  • SHA512

    e34acb562bbda4702da6f83bd6c4b79aea02a0b982d8a88aadf298db27bb524220b8b7be17cddffa78f662f93d95dac118b77fe831e669a158387cdcce72ec06

Malware Config

Extracted

Family

alienbot

C2

http://34.89.151.222

Targets

    • Target

      AndroidGuncelleme.apk

    • Size

      3.3MB

    • MD5

      46fdb068ce8eda8fce387134a4fd4172

    • SHA1

      2f56a65676d377f552a86a4482ee1bf104d05b09

    • SHA256

      8e168f31f3bf0564d11b01e180d301f41e3582a89efc5ca15ed40a402c0ca3dd

    • SHA512

      e34acb562bbda4702da6f83bd6c4b79aea02a0b982d8a88aadf298db27bb524220b8b7be17cddffa78f662f93d95dac118b77fe831e669a158387cdcce72ec06

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads name of network operator

      Uses Android APIs to discover system information.

MITRE ATT&CK Matrix

Tasks