alienbot | 3260f9f19cefb766f7c303bc221b37fea75692943231f4399b95588ce968816c | Triage

Sharing

General

Target

3260F9F19CEFB766F7C303BC221B37FEA75692943231F4399B95588CE968816C.apk
Size

1.9MB
Sample

220602-njccwsffd2
MD5

ec009b2f303451aeda939162e5b2940e
SHA1

c0926509614062e1acc306059967c36652ff06c8
SHA256

3260f9f19cefb766f7c303bc221b37fea75692943231f4399b95588ce968816c
SHA512

837fa7718ae06f2b2bed407448cf66a5b5bae47c15834d89d876e23b93f4b14a4566b20889c0549deea7151219753e8ab6b4d0be73a649147f7d992725823bae

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://zesasar11.com

Targets

- Target
  
  3260F9F19CEFB766F7C303BC221B37FEA75692943231F4399B95588CE968816C.apk
- Size
  
  1.9MB
- MD5
  
  ec009b2f303451aeda939162e5b2940e
- SHA1
  
  c0926509614062e1acc306059967c36652ff06c8
- SHA256
  
  3260f9f19cefb766f7c303bc221b37fea75692943231f4399b95588ce968816c
- SHA512
  
  837fa7718ae06f2b2bed407448cf66a5b5bae47c15834d89d876e23b93f4b14a4566b20889c0549deea7151219753e8ab6b4d0be73a649147f7d992725823bae
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan