General

  • Target

    18BDAC9B794E2477B3DD9EC9A0407719DAFC8AA83B8B5CE6FC49C8F9852F8C74.apk

  • Size

    1.6MB

  • Sample

    220603-g7vqtabeh2

  • MD5

    1888575c467b93db24f27d6a15761a99

  • SHA1

    5d223c72c237a46c6ef3fb56f658fc4fd7d5ce8b

  • SHA256

    18bdac9b794e2477b3dd9ec9a0407719dafc8aa83b8b5ce6fc49c8f9852f8c74

  • SHA512

    bfb96d75a2db050ce07d0ca19e15ddc2c36b9f5fdc617e3950861bbf0ba9d0c43ddfa823535f2fbbff74e22662640d2b5060f30783731780daa081d70da922c9

Malware Config

Extracted

Family

alienbot

C2

http://cacecarsa3.com

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
