alienbot | bfff778183267993da2ccf95f9fb3556dcacd90210da907b032e49b37656d300 | Triage

Sharing

General

Target

BFFF778183267993DA2CCF95F9FB3556DCACD90210DA907B032E49B37656D300.apk
Size

2.5MB
Sample

220603-ha37csbgg4
MD5

08a551f7207bcc6545db870d9b23b08a
SHA1

cb651a07e16322b7190fc414769032af7b34953c
SHA256

bfff778183267993da2ccf95f9fb3556dcacd90210da907b032e49b37656d300
SHA512

7a09f875a4e33b3327e98a3883cc51bc8fc309b8b953396a6a703f37d8d017f4dc33ed94e320c9030ae218d9a49ee8bcf052413f9f1b2a8f59e1b33dfe4e9fe5

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://perohi21.xyz

Targets

- Target
  
  BFFF778183267993DA2CCF95F9FB3556DCACD90210DA907B032E49B37656D300.apk
- Size
  
  2.5MB
- MD5
  
  08a551f7207bcc6545db870d9b23b08a
- SHA1
  
  cb651a07e16322b7190fc414769032af7b34953c
- SHA256
  
  bfff778183267993da2ccf95f9fb3556dcacd90210da907b032e49b37656d300
- SHA512
  
  7a09f875a4e33b3327e98a3883cc51bc8fc309b8b953396a6a703f37d8d017f4dc33ed94e320c9030ae218d9a49ee8bcf052413f9f1b2a8f59e1b33dfe4e9fe5
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3