alienbot | be7ad2f567ac30ba144370fc481aad30bb6c0f70d64ab165d822d2f0a46fc39c | Triage

Resubmissions

13-05-2022 20:54

220513-zp5r6sechm 10

10-05-2022 14:58

220510-sb53fscaek 10

Sharing

General

Target

7391866126.zip
Size

911KB
Sample

220513-zp5r6sechm
MD5

89a1178fb5badb5ec2bc8864b31af5eb
SHA1

5a13eee0479e010d9754a8ff2a1f003a922e26bb
SHA256

be7ad2f567ac30ba144370fc481aad30bb6c0f70d64ab165d822d2f0a46fc39c
SHA512

7682bcaa3e754dd93ab956c52f17263582d2348763a440692155db3524c8d9164f6801712b04d0686262f811f1a2e8c402f12ca5645d3f6b61a68730fdc8a767

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://lluxll.digital

Targets

- Target
  
  f3d0965c2e93b338a62ecdfa477ca380cad9e6105a51fef31567ae1a8d291e9e
- Size
  
  976KB
- MD5
  
  a2077725a888217fffeec140a73325c2
- SHA1
  
  f36abdfbd158c88f3661a6f6ee68dadddff4e1d7
- SHA256
  
  f3d0965c2e93b338a62ecdfa477ca380cad9e6105a51fef31567ae1a8d291e9e
- SHA512
  
  a070ef91ccc0aa58d85d2b126369bc1b8ff719c6b7f89c6e97fbe2238e6d20dcc512e057ebf09b4ed460cc7d29d48a5e5170e04424f3bedb8199d4a1d98cb308
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

behavioral3

alienbotbankerinfostealertrojan