General

  • Target

    1D4A6D3FC2183925DBD5CCF6B827728AFA377770D9924F2F25954029B811E00E.apk

  • Size

    2.0MB

  • Sample

    220603-g7q3mabeg7

  • MD5

    6c865514f5db0e6859f71d167f4e5422

  • SHA1

    cbdf0be52ae272f57247887446ac4d33dd5bba45

  • SHA256

    1d4a6d3fc2183925dbd5ccf6b827728afa377770d9924f2f25954029b811e00e

  • SHA512

    c820f407aa7eee0b6c5fcb76fe78759631546bcd004f2c24b86e0d633d2a213e42cf85a41a79c4b1c16febc8bb3c27dc42d2fa622985c79b668db87ce3af449c

Malware Config

Extracted

Family

alienbot

C2

http://heriflicivir02.site
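As an added example (not part of the sandbox report), a small Python helper that turns the indicators above into checks a responder can run: it hashes a file with the same four algorithms, confirms the report's digests are well formed and that the target filename is the SHA256, and scans log lines for the C2 hostname (or any subdomain of it). Only the digests and the C2 URL come from the report; the sample bytes, log lines and request path are constructed for illustration.

```python
"""Match a file and network log lines against the IOCs listed in this report.

Added example, not part of the sandbox report. The digests and the C2 URL are
copied from the report above; the sample bytes, log lines and request path
below are constructed for illustration and are not from the real sample.
"""
import hashlib
import re
from urllib.parse import urlparse

REPORT_TARGET = "1D4A6D3FC2183925DBD5CCF6B827728AFA377770D9924F2F25954029B811E00E.apk"

# IOCs from the report; digests are compared case-insensitively.
REPORT_IOCS = {
    "md5": "6c865514f5db0e6859f71d167f4e5422",
    "sha1": "cbdf0be52ae272f57247887446ac4d33dd5bba45",
    "sha256": "1d4a6d3fc2183925dbd5ccf6b827728afa377770d9924f2f25954029b811e00e",
    "sha512": "c820f407aa7eee0b6c5fcb76fe78759631546bcd004f2c24b86e0d633d2a213e"
              "42cf85a41a79c4b1c16febc8bb3c27dc42d2fa622985c79b668db87ce3af449c",
    "c2": "http://heriflicivir02.site",
}

DIGEST_HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in DIGEST_HEX_LENGTHS}


def iocs_well_formed(iocs: dict) -> bool:
    """Reject copy/paste damage: each digest must be hex of the expected length."""
    return all(
        re.fullmatch(r"[0-9a-f]{%d}" % n, iocs.get(alg, "").lower()) is not None
        for alg, n in DIGEST_HEX_LENGTHS.items()
    )


def target_name_is_sha256(filename: str, sha256: str) -> bool:
    """Sandbox targets are often named after their SHA256; confirm the two agree."""
    stem = filename.rsplit(".", 1)[0]
    return stem.lower() == sha256.lower()


def matching_digests(data: bytes, iocs: dict) -> set:
    """Return the digest algorithms on which `data` matches the IOC set."""
    digests = hash_bytes(data)
    return {alg for alg, h in digests.items() if iocs.get(alg, "").lower() == h}


def c2_hits(log_lines, iocs: dict) -> list:
    """Return the log lines that reference the C2 host or one of its subdomains.

    Matching is on the hostname, not the full URL, so a different path or
    scheme (https, a bare DNS query) still counts as a hit, while a longer
    domain that merely starts with the C2 name does not.
    """
    c2_host = urlparse(iocs["c2"]).hostname.lower()
    host_re = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", re.IGNORECASE)
    hits = []
    for line in log_lines:
        for host in host_re.findall(line):
            host = host.lower().rstrip(".")
            if host == c2_host or host.endswith("." + c2_host):
                hits.append(line)
                break
    return hits


# Constructed sample data (not from the real sample or the sandbox run).
SAMPLE_BYTES = b"abc"
SAMPLE_LOG = [
    "2022-06-03 12:00:01 dns query heriflicivir02.site A",
    "2022-06-03 12:00:02 GET http://heriflicivir02.site/example-path HTTP/1.1",
    "2022-06-03 12:00:03 GET https://www.android.com/ HTTP/1.1",
    "2022-06-03 12:00:04 dns query heriflicivir02.site.example.net A",
]

if __name__ == "__main__":
    print("IOCs well formed:", iocs_well_formed(REPORT_IOCS))
    print("target name is SHA256:", target_name_is_sha256(REPORT_TARGET, REPORT_IOCS["sha256"]))
    print("digest matches:", matching_digests(SAMPLE_BYTES, REPORT_IOCS) or "none")
    for line in c2_hits(SAMPLE_LOG, REPORT_IOCS):
        print("C2 hit:", line)
```

Hostname matching rather than exact URL matching is deliberate: the report gives one C2 URL, but the same host will show up in DNS logs and under other paths or schemes. The last constructed log line shows the other direction, a longer domain that only begins with the C2 name, which correctly does not match.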

Targets

    • Alienbot

      Alienbot is a fork of the Cerberus Android banking trojan, first seen in January 2020.

    • Makes use of the Android framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs an executable file that was dropped to the device during analysis.

    • Removes a system notification.
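The behaviours listed above can be pre-screened statically before detonation. The following added example (not from the report or from the sandbox vendor) checks a decoded AndroidManifest.xml for services bound with the accessibility permission, lists services bound as notification listeners (a related heuristic for notification tampering, not the exact call the sandbox observed), and scans a classes.dex blob for the class-loader descriptors that appear when an app loads dropped dex/jar payloads. The manifest and the dex fragment are constructed; the permission, action and descriptor strings are standard Android identifiers.

```python
"""Static triage heuristics for the behaviours the sandbox flagged.

Added example, not part of the sandbox report or of any sandbox tooling. The
manifest and the dex byte string below are constructed for illustration; real
input would be the decoded AndroidManifest.xml and classes.dex from the APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = f"{{{ANDROID_NS}}}"  # ElementTree (Clark) prefix for android: attributes

ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
NOTIFICATION_LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Type descriptors found in the dex string table when code loads extra dex/jar
# files at runtime. PathClassLoader is deliberately excluded: it is the default
# app class loader and shows up in benign apps too.
DYNAMIC_LOADER_DESCRIPTORS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
)


def accessibility_services(manifest_xml: str) -> list:
    """Return names of <service> elements bound as accessibility services.

    Both the binding permission and the intent-filter action are required;
    a service declaring only one of them would not be picked up by the system.
    """
    root = ET.fromstring(manifest_xml)
    found = []
    for svc in root.iter("service"):
        if svc.get(A + "permission") != ACCESSIBILITY_PERMISSION:
            continue
        actions = {act.get(A + "name") for act in svc.iter("action")}
        if ACCESSIBILITY_ACTION in actions:
            found.append(svc.get(A + "name"))
    return found


def notification_listeners(manifest_xml: str) -> list:
    """Return names of services bound with the notification-listener permission."""
    root = ET.fromstring(manifest_xml)
    return [
        svc.get(A + "name")
        for svc in root.iter("service")
        if svc.get(A + "permission") == NOTIFICATION_LISTENER_PERMISSION
    ]


def dynamic_loaders(dex_bytes: bytes) -> list:
    """Return the dynamic class-loader descriptors present in a dex blob.

    A plain substring scan over the file is enough for triage; a full dex
    parser would be needed to tell real references from dead strings.
    """
    return [d.decode() for d in DYNAMIC_LOADER_DESCRIPTORS if d in dex_bytes]


# Constructed manifest: a service bound as an accessibility service plus a
# notification listener. The package and class names are made up.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.bot">
  <application>
    <service android:name="com.example.bot.AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name="com.example.bot.NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed benign manifest: an ordinary service with no special binding.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.app">
  <application>
    <service android:name="com.example.app.SyncService"/>
  </application>
</manifest>
"""

# Constructed dex fragment: a dex magic followed by a loader descriptor. This is
# not a valid dex file, only enough bytes to exercise the string scan.
SAMPLE_DEX = b"dex\n035\x00" + b"\x00" * 16 + b"Ldalvik/system/DexClassLoader;\x00loadClass\x00"

if __name__ == "__main__":
    print("accessibility services:", accessibility_services(SAMPLE_MANIFEST))
    print("notification listeners:", notification_listeners(SAMPLE_MANIFEST))
    print("dynamic loaders in dex:", dynamic_loaders(SAMPLE_DEX))
```

None of these checks is a verdict on its own: accessibility services are legitimate in screen readers and automation apps, and dynamic dex loading is used by some app frameworks. Their value is in combination, and in deciding which samples are worth the sandbox run that produced the report above.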
