alienbot | 486afd2192aa17f4e95da012b549ab70cf2d250a6e7a12210010a6c413c7e2ae | Triage

Sharing

General

Target

486AFD2192AA17F4E95DA012B549AB70CF2D250A6E7A12210010A6C413C7E2AE.apk
Size

306KB
Sample

220602-ndsgxsbafr
MD5

63c10ff97b867eade1b841963801b662
SHA1

33062f6c1bcc468bf4a51296b8eeb08fb1a2a03e
SHA256

486afd2192aa17f4e95da012b549ab70cf2d250a6e7a12210010a6c413c7e2ae
SHA512

ec73125fea196e2360472e9f7789ba613638ed35780bfc8c697e02037293f96b1f91000693d6a91a4946997c9d6ae883e99486c46ab31bde43775cb7191d66cd

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://zesasar8.com

Targets

- Target
  
  486AFD2192AA17F4E95DA012B549AB70CF2D250A6E7A12210010A6C413C7E2AE.apk
- Size
  
  306KB
- MD5
  
  63c10ff97b867eade1b841963801b662
- SHA1
  
  33062f6c1bcc468bf4a51296b8eeb08fb1a2a03e
- SHA256
  
  486afd2192aa17f4e95da012b549ab70cf2d250a6e7a12210010a6c413c7e2ae
- SHA512
  
  ec73125fea196e2360472e9f7789ba613638ed35780bfc8c697e02037293f96b1f91000693d6a91a4946997c9d6ae883e99486c46ab31bde43775cb7191d66cd
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan