General

  • Target

    19F0F083EE2665DBD3875409CA1CF655C1E9B8B848F99414C792C51DC0EB9706.apk

  • Size

    1.9MB

  • Sample

    220603-g8ar2abfb2

  • MD5

    7b5b4d38e103c1ad103717be1383f639

  • SHA1

    777800a91615f79b0fffd6039f4d7a58ada94bd8

  • SHA256

    19f0f083ee2665dbd3875409ca1cf655c1e9b8b848f99414c792c51dc0eb9706

  • SHA512

    fdfc3192e9cf68170b35df78bd2f0308579458de7f149472b1762d07ce682ed88a832d196800585a9911ac8ec3a600cd06bed6789cd30e7304c864411d10ba73

Malware Config

Extracted

Family

alienbot

C2

http://piranno12.site

Targets

    • Target

      19F0F083EE2665DBD3875409CA1CF655C1E9B8B848F99414C792C51DC0EB9706.apk

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Removes a system notification.
