alienbot | dafc457d7005b4cbdadf7c0060bc8350e83306a564dc279feb701e55d1c13532 | Triage

Sharing

General

Target

dafc457d7005b4cbdadf7c0060bc8350e83306a564dc279feb701e55d1c13532
Size

1.5MB
Sample

220521-d9ssfshae9
MD5

8ca18d9c60d1bf540877f99b3569943f
SHA1

ad201003c45f45147a3745100b47ef4acf3ce8c6
SHA256

dafc457d7005b4cbdadf7c0060bc8350e83306a564dc279feb701e55d1c13532
SHA512

5d8469559f1eea724a5d703fa49e5e2059653e52c8b7ebe91c6fac3c1cc8421379b5db5812ae78377b6ad8f3e9ab6ba018f3a7724f2fb4019a66d9b1c57e51ff

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://odricatt.live

Targets

- Target
  
  dafc457d7005b4cbdadf7c0060bc8350e83306a564dc279feb701e55d1c13532
- Size
  
  1.5MB
- MD5
  
  8ca18d9c60d1bf540877f99b3569943f
- SHA1
  
  ad201003c45f45147a3745100b47ef4acf3ce8c6
- SHA256
  
  dafc457d7005b4cbdadf7c0060bc8350e83306a564dc279feb701e55d1c13532
- SHA512
  
  5d8469559f1eea724a5d703fa49e5e2059653e52c8b7ebe91c6fac3c1cc8421379b5db5812ae78377b6ad8f3e9ab6ba018f3a7724f2fb4019a66d9b1c57e51ff
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3