alienbot | 551ca24f79e33a76136064d2b6782ca3d86ba68cd4abfc47210c06e563f3e4d8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

551ca24f79e33a76136064d2b6782ca3d86ba68cd4abfc47210c06e563f3e4d8
Size

2.5MB
Sample

220508-krr7jagdgm
MD5

3ed214369f60137e2b27958bfc98c8f6
SHA1

abf541626d0accccf6c1545a40dcf64d15adfe79
SHA256

551ca24f79e33a76136064d2b6782ca3d86ba68cd4abfc47210c06e563f3e4d8
SHA512

06134585a81d51c0caddb80483977303172d82dfc4ab5138b0aba9a996badcde779232a998163c30d4c8a413aa1d17634c5e106f2a4c3af86fb4f2cd10bf10ad

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://kilimcinursia3.com

Targets

- Target
  
  551ca24f79e33a76136064d2b6782ca3d86ba68cd4abfc47210c06e563f3e4d8
- Size
  
  2.5MB
- MD5
  
  3ed214369f60137e2b27958bfc98c8f6
- SHA1
  
  abf541626d0accccf6c1545a40dcf64d15adfe79
- SHA256
  
  551ca24f79e33a76136064d2b6782ca3d86ba68cd4abfc47210c06e563f3e4d8
- SHA512
  
  06134585a81d51c0caddb80483977303172d82dfc4ab5138b0aba9a996badcde779232a998163c30d4c8a413aa1d17634c5e106f2a4c3af86fb4f2cd10bf10ad
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan