General

  • Target

    f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956

  • Size

    1.8MB

  • Sample

    220521-pkhfzaaffl

  • MD5

    1af531ab2146d62a2d7ade0b9598e04b

  • SHA1

    0123fb13995de05085fabf7306f69e573d02cd3c

  • SHA256

    f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956

  • SHA512

    7b928f122e2ddc84f0fa2a2bde06ad21dd5689320544d7d5a8193698affa95d1f0054d557226dd91e31b3dd23b063453c8027ad25b87ed82bd1cf457c730cbd3

Malware Config

Extracted

Family

alienbot

C2

http://installerflas678352.xyz

Targets

    • Target

      f11aa442642b1d21abc624121358a2e8206cb5c46d0fdb473450b045d3b77956

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
