General

  • Target

    416B8132857E150BBB4B8DAB7FFE94D28D13C485EFEB54AFE2E58CCCA7361D42.apk

  • Size

    2.4MB

  • Sample

    220603-g47k7sfdgm

  • MD5

    f065d7db0a94da8f2556f094245baf21

  • SHA1

    45ec5c68a522c1f8806a0b467fb8a89bb0fc57e9

  • SHA256

    416b8132857e150bbb4b8dab7ffe94d28d13c485efeb54afe2e58ccca7361d42

  • SHA512

    9b3e0e85fb6a2db82d8d16b17756b02367cd64e85cd4a3d3f569c60719ed61f4f4cfe010186473819a617e3d6a5ba678093af24dbc3152eb1a2c9a2105aaab8b

Malware Config

Extracted

Family

alienbot

C2

http://kucsas2.com

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
