General

  • Target

    67130F843EBF484C6A87002C8B52218864184E07BCC50227175DF52BD23CA001.apk

  • Size

    1.8MB

  • Sample

    220602-nc1rxabaep

  • MD5

    3b114ad5d6dc3c7b7a800e25994f14f4

  • SHA1

    5993356afbad23bf175837b75b573384ef224da9

  • SHA256

    67130f843ebf484c6a87002c8b52218864184e07bcc50227175df52bd23ca001

  • SHA512

    b0a1feb00a672a72bde9eac30e6a97eb1adc86c5c45e34bb56a0b4f5dde5f276f07223d67be02ba58e63ab7f66f20a88d38618644751c3aa7be466df4c287d56

Malware Config

Extracted

  • Family

    alienbot

  • C2

    http://keepgoingadamim.gripe

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
