General

  • Target

    f2464f7281803b95c1512b5cbf9d62b991e2cd051190aeca2cb1383baeaea036.apk

  • Size

    2.8MB

  • Sample

    211015-k13pmabeaj

  • MD5

    b561292a5ae3e8e9f3c79d710f7fbf29

  • SHA1

    419053f732cd7c29651d501e50af714b17a416ae

  • SHA256

    f2464f7281803b95c1512b5cbf9d62b991e2cd051190aeca2cb1383baeaea036

  • SHA512

    8eeedaec595df7f20e133cd3bf2ebd160c33775c947e9bbd62ac538421bf7c7fc7b8199bcd34061c88d122141b3dbeb9b0616b1b4e556db4b583034192e4100a

Malware Config

Extracted

Family

alienbot

C2

http://labalonumicosutu.ml

Targets

    • Target

      f2464f7281803b95c1512b5cbf9d62b991e2cd051190aeca2cb1383baeaea036.apk

    • Size

      2.8MB

    • MD5

      b561292a5ae3e8e9f3c79d710f7fbf29

    • SHA1

      419053f732cd7c29651d501e50af714b17a416ae

    • SHA256

      f2464f7281803b95c1512b5cbf9d62b991e2cd051190aeca2cb1383baeaea036

    • SHA512

      8eeedaec595df7f20e133cd3bf2ebd160c33775c947e9bbd62ac538421bf7c7fc7b8199bcd34061c88d122141b3dbeb9b0616b1b4e556db4b583034192e4100a

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Reads name of network operator

      Uses Android APIs to discover system information.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks