General

  • Target

    7259766121.zip

  • Size

    1.9MB

  • Sample

    220408-ts426abgep

  • MD5

    1ed3a5e5d4a0a572887b55c4c99bbb7d

  • SHA1

    60e9210440bb44276cfb1c5bc8060f516e669f52

  • SHA256

    1c01e25fea90370e20e732638cf7aed059c167e72915864fb53e65e716bc1060

  • SHA512

    64683a4c1152445bceb976bfff0852c6ffb7ce8035ec633cd50d9c50706672c3bab45142b390a2fd073128c171f5d5d7e558fc51542300fc9749d7e2687707c3

Malware Config

Extracted

Family

alienbot

C2

http://adsdsadsalifsa.digital

Targets

    • Target

      afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd

    • Size

      1.9MB

    • MD5

      4676030b254286ce7fe7501e7eafd31f

    • SHA1

      04283f5d707b86cf097178fdf09a64a6623467f6

    • SHA256

      afdcf9e488413652659a551ff9388a81101228273bef2cfcdd7121e0bdb6a0fd

    • SHA512

      bd71d384c257595f4fc881c57b8a955bfed62cf8a765bb028e109fcbcaa5bfe4a6a1e032877216d73d6c19e57323b1aca460a58027733c961850af35b5c1d192

    • Alienbot

      Alienbot is a fork of the Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
