General

  • Target

    7522686141.zip

  • Size

    1.4MB

  • Sample

    220531-1a75eschd2

  • MD5

    f30b7cab3f90325b8b5d4ea512a0dd19

  • SHA1

    a19d428c41fd3e72c71eee4b7fed8813b80e543e

  • SHA256

    39dbfacf2d4e32f21ef4fe53e3f8ea107ae6f431e3ccaf91bcc7ac793c7d667d

  • SHA512

    dcad741e2ecf5215d32cc22b358dfe27cb5fe5336e49c0cf6dd1d925cb9a2260cb9406754c15ad3fb2e3cc404d8d87b8e3c65594c688ffd10a593a3387488923

Malware Config

Extracted

Family

alienbot

C2

http://hizlisan.xyz/

Targets

    • Target

      636e6bb1609d32901854c24eff620ad85de622ec631972ddef3f229d3fca68b9

    • Size

      1.5MB

    • MD5

      d4ebe921214d02ca01d3e066c6191514

    • SHA1

      4356fdfada6840feb82cf990416be5fd370471df

    • SHA256

      636e6bb1609d32901854c24eff620ad85de622ec631972ddef3f229d3fca68b9

    • SHA512

      297f70474a6a344475f758ab76100bb9a28fa3ad0047df77739ae91dc223041d63b7adecca75ddc417444c8204fc6195000024ba965398d2b894786aee128e4e

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
