General

  • Target

    EE76E1B353E42A7946E2C7A904F4207D747FBEA017C3B74B5F865D3727C045F3.apk

  • Size

    2.0MB

  • Sample

    220603-g8k8rsbfc9

  • MD5

    f5600bbe7922116282c866d8347695e3

  • SHA1

    07fe3b341709f86a235e3d6fcf3661e1cc96d3e7

  • SHA256

    ee76e1b353e42a7946e2c7a904f4207d747fbea017c3b74b5f865d3727c045f3

  • SHA512

    4c6bd04622f7134371036ed851c8b85673823e79ed95e0a20d75f395a37d5ed7672e621ba821f7db3adb807db8d48ed676f5f2275596b0b33577909db665e3af

Malware Config

Extracted

Family

alienbot

C2

http://yirtarimmincoyu.site
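Added example, not part of the report: a Python script that turns the indicators above into checks. It streams a local file through the four digest algorithms the report lists and compares the result with the hashes above, and it flags log lines that reference the extracted C2 host (including any subdomain, but not a look-alike domain that merely contains the name). The log lines are constructed for the demonstration and are not from the sandbox run.

```python
import hashlib
import re

# Indicators copied from the report above. Any file that reproduces these
# digests is this sample; any host under C2_HOST is its configured C2.
REPORT_HASHES = {
    "md5": "f5600bbe7922116282c866d8347695e3",
    "sha1": "07fe3b341709f86a235e3d6fcf3661e1cc96d3e7",
    "sha256": "ee76e1b353e42a7946e2c7a904f4207d747fbea017c3b74b5f865d3727c045f3",
    "sha512": "4c6bd04622f7134371036ed851c8b85673823e79ed95e0a20d75f395a37d5ed7"
              "672e621ba821f7db3adb807db8d48ed676f5f2275596b0b33577909db665e3af",
}
C2_HOST = "yirtarimmincoyu.site"
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digests_of_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests_of_bytes, but streams the file so large APKs fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(digests: dict) -> bool:
    """True when every digest supplied agrees with the report (case-insensitive).

    A partial dict (for example only the sha256 from an EDR alert) is accepted;
    an empty dict is never a match.
    """
    common = [alg for alg in ALGORITHMS if alg in digests]
    return bool(common) and all(
        digests[alg].lower() == REPORT_HASHES[alg] for alg in common
    )


# Hostname-like tokens: at least one dot, labels of letters, digits and hyphens.
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.IGNORECASE)


def is_c2_host(host: str) -> bool:
    """Exact match or any subdomain of the C2 host.

    A look-alike such as 'notyirtarimmincoyu.site' does not match, because the
    suffix test requires the dot before the C2 name.
    """
    host = host.lower().rstrip(".")
    return host == C2_HOST or host.endswith("." + C2_HOST)


def find_c2_hits(log_lines) -> list:
    """Return the log lines that name the C2 host anywhere (DNS, proxy, URL)."""
    return [
        line for line in log_lines
        if any(is_c2_host(h) for h in HOST_RE.findall(line))
    ]


# Constructed sample log lines (not from the report): a DNS query and a proxy
# request to the C2, one benign request, and a look-alike domain that must not hit.
SAMPLE_LOGS = [
    "2022-06-03T10:01:02Z dns A yirtarimmincoyu.site client=10.0.0.12",
    "2022-06-03T10:01:03Z proxy GET http://yirtarimmincoyu.site/gate.php 200 client=10.0.0.12",
    "2022-06-03T10:01:05Z proxy GET https://example.com/ 200 client=10.0.0.12",
    "2022-06-03T10:02:11Z dns A notyirtarimmincoyu.site client=10.0.0.13",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict = "MATCHES report" if matches_report(digests_of_file(path)) else "no match"
        print(path, verdict)
    for hit in find_c2_hits(SAMPLE_LOGS):
        print("C2 hit:", hit)
```

Run it with one or more file paths to check them against the sample's hashes; the constructed log lines are scanned regardless. Matching on the hostname token rather than on a raw substring is what keeps `notyirtarimmincoyu.site` out of the hits while still catching subdomains of the C2.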

Targets

    • Target

      EE76E1B353E42A7946E2C7A904F4207D747FBEA017C3B74B5F865D3727C045F3.apk

    • Alienbot

      Alienbot is a fork of the Cerberus Android banker, first seen in January 2020.

    • Makes use of the Android framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Removes a system notification.
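Added example, not part of the report or of the sandbox's own signature logic: a Python static triage that looks for the three behaviours listed above in an APK. A service the system binds as an accessibility service must declare android.permission.BIND_ACCESSIBILITY_SERVICE, a notification listener (the usual way an app cancels other apps' notifications) must declare android.permission.BIND_NOTIFICATION_LISTENER_SERVICE, and code that loads a dropped dex/jar references one of the dalvik.system class loaders, whose descriptors sit in the dex string table. The manifest is assumed to be already decoded to plain XML (the copy inside the APK is binary XML; apktool or androguard can decode it); the manifest, package name com.example.dropper and dex bytes below are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET
import zipfile

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# A service the system will bind as an accessibility service or as a
# notification listener must declare the matching signature permission.
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
BIND_NOTIFICATION_LISTENER = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Class descriptors present in a dex string table when code can load extra
# dex/jar payloads at runtime (the "Loads dropped Dex/Jar" behaviour).
DEX_LOADER_DESCRIPTORS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
    b"Ldalvik/system/BaseDexClassLoader;",
)


def _android_attr(elem, name):
    """Read an android:-namespaced attribute such as android:name."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def bound_services(manifest_xml: str) -> dict:
    """Map each <service> that requests a privileged bind permission to that permission."""
    root = ET.fromstring(manifest_xml)
    found = {}
    for svc in root.iter("service"):
        perm = _android_attr(svc, "permission")
        if perm in (BIND_ACCESSIBILITY, BIND_NOTIFICATION_LISTENER):
            found[_android_attr(svc, "name")] = perm
    return found


def dex_loader_indicators(dex_bytes: bytes) -> list:
    """Descriptors of runtime dex loaders referenced by a classes*.dex blob."""
    return [d.decode() for d in DEX_LOADER_DESCRIPTORS if d in dex_bytes]


def dex_blobs_from_apk(apk_path: str):
    """Yield every classes*.dex inside an APK; an APK is an ordinary zip archive."""
    with zipfile.ZipFile(apk_path) as zf:
        for name in zf.namelist():
            if name.startswith("classes") and name.endswith(".dex"):
                yield zf.read(name)


def triage(manifest_xml: str, dex_blobs) -> dict:
    """Collect findings under the same headings the report uses."""
    services = bound_services(manifest_xml)
    loaders = set()
    for blob in dex_blobs:
        loaders.update(dex_loader_indicators(blob))
    return {
        "accessibility_service": sorted(n for n, p in services.items() if p == BIND_ACCESSIBILITY),
        "notification_listener": sorted(n for n, p in services.items() if p == BIND_NOTIFICATION_LISTENER),
        "dex_loader": sorted(loaders),
    }


# Constructed inputs (not taken from the sample): a decoded manifest for the
# hypothetical package com.example.dropper, and a fake dex string table.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Flash Player">
    <service android:name="com.example.dropper.AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name="com.example.dropper.NotifListener"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    <service android:name="com.example.dropper.SyncService"/>
  </application>
</manifest>
"""
SAMPLE_DEX = (b"dex\n035\x00" + b"\x00" * 16
              + b"Ljava/lang/Object;\x00"
              + b"Ldalvik/system/DexClassLoader;\x00"
              + b"loadClass\x00")

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_MANIFEST, [SAMPLE_DEX]), indent=2))
```

For a real file, feed `triage()` the decoded manifest text and `dex_blobs_from_apk(path)`. The dex check is a string-table heuristic: a loader reached through reflection or from a packed second stage will not show up here, which is exactly why the sandbox reports the behaviour from execution rather than from static strings.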

MITRE ATT&CK Matrix

Tasks