General

  • Target

    599db33d534d1e98ea63dd2ce30100a7

  • Size

    1.4MB

  • Sample

    220603-g4j5xafddq

  • MD5

    599db33d534d1e98ea63dd2ce30100a7

  • SHA1

    070c24724d41f1a57c757d3af9a075bbd3d72720

  • SHA256

    1de6e6c140ff1b301b7df12d4b6388a21a6fbf0f141347dd2f9289740438a6d8

  • SHA512

    43adaf787f75a36401de0b0aceb46ad295e1df02b929c0d1264e0a6b2ddb9349a05e497bcefed9a0f471d955f008e885c0a07260f27ae763c0c842db1aa554d4

Malware Config

Extracted

Family

alienbot

C2

http://botprivate.ug

Targets

    • Target

      599db33d534d1e98ea63dd2ce30100a7

    • Size

      1.4MB

    • MD5

      599db33d534d1e98ea63dd2ce30100a7

    • SHA1

      070c24724d41f1a57c757d3af9a075bbd3d72720

    • SHA256

      1de6e6c140ff1b301b7df12d4b6388a21a6fbf0f141347dd2f9289740438a6d8

    • SHA512

      43adaf787f75a36401de0b0aceb46ad295e1df02b929c0d1264e0a6b2ddb9349a05e497bcefed9a0f471d955f008e885c0a07260f27ae763c0c842db1aa554d4

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks