alienbot | 60bd8249ebbf145ecf0d599add9ce8c94fcbab05d5af1332a27fdbe74264101a | Triage

Sharing

General

Target

60bd8249ebbf145ecf0d599add9ce8c94fcbab05d5af1332a27fdbe74264101a
Size

1.9MB
Sample

220521-d9y98shaf3
MD5

ee64138f0b44fa9608ffdc180b5a6f5b
SHA1

70de78da20b72180198c64e0af01491f4aebeec4
SHA256

60bd8249ebbf145ecf0d599add9ce8c94fcbab05d5af1332a27fdbe74264101a
SHA512

925dd962ef93ce598f57f8849627e0142a17515b92dfd2a0f2817169fddd5132aac9af54a49f6ad870de31973993410b9daf0be72aef092dc8e76f67976a6211

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://installerflas7865432.xyz

Targets

- Target
  
  60bd8249ebbf145ecf0d599add9ce8c94fcbab05d5af1332a27fdbe74264101a
- Size
  
  1.9MB
- MD5
  
  ee64138f0b44fa9608ffdc180b5a6f5b
- SHA1
  
  70de78da20b72180198c64e0af01491f4aebeec4
- SHA256
  
  60bd8249ebbf145ecf0d599add9ce8c94fcbab05d5af1332a27fdbe74264101a
- SHA512
  
  925dd962ef93ce598f57f8849627e0142a17515b92dfd2a0f2817169fddd5132aac9af54a49f6ad870de31973993410b9daf0be72aef092dc8e76f67976a6211
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3