General

  • Target

    9832b1ade1907849fd7091e85f2c24bd8a4488ecd96f0638fc979d8858b25196

  • Size

    1.6MB

  • Sample

    220201-fmb8ashaap

  • MD5

    872ebba0dfe0a28da3e91b0ee4d6df32

  • SHA1

    6a87c50179b08740bcab9da69a869d7c881f40c4

  • SHA256

    9832b1ade1907849fd7091e85f2c24bd8a4488ecd96f0638fc979d8858b25196

  • SHA512

    e29e0f2b36fa161569e0b38a9e0c22365a041432ee9e84083b39aa510247dd5ffea324627d5e5ae30fd538b10ea6f7a6a7ba6dddb635284a12097dc4a6333604

Malware Config

Extracted

Family

alienbot

C2

http://botduke1.ug

Targets

    • Target

      9832b1ade1907849fd7091e85f2c24bd8a4488ecd96f0638fc979d8858b25196

    • Size

      1.6MB

    • MD5

      872ebba0dfe0a28da3e91b0ee4d6df32

    • SHA1

      6a87c50179b08740bcab9da69a869d7c881f40c4

    • SHA256

      9832b1ade1907849fd7091e85f2c24bd8a4488ecd96f0638fc979d8858b25196

    • SHA512

      e29e0f2b36fa161569e0b38a9e0c22365a041432ee9e84083b39aa510247dd5ffea324627d5e5ae30fd538b10ea6f7a6a7ba6dddb635284a12097dc4a6333604

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

MITRE ATT&CK Matrix

Tasks