alienbot | dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311 | Triage

Sharing

General

Target

DEC340EEB4C335F5F5D49180BA48256217F743EF9C355A10F0E4F43EE15A4311.apk
Size

1.9MB
Sample

220603-hbx2qsbhc5
MD5

345c01f117d5dcbe54cb2a7a73d878d6
SHA1

5f55a8e0ff4ece709e2868c58f87db11c45ffb18
SHA256

dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311
SHA512

3709847d0ed7885aef46e6b8aafb601230dd0288e82f6aea05ff099b8d34af315bc0b36f849d38f38d0ebd58008182ecdef7e237473c40982103d3f44160a67f

Score

10^/10

alienbot android banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://dreambufadfuxla.xyz

Targets

- Target
  
  DEC340EEB4C335F5F5D49180BA48256217F743EF9C355A10F0E4F43EE15A4311.apk
- Size
  
  1.9MB
- MD5
  
  345c01f117d5dcbe54cb2a7a73d878d6
- SHA1
  
  5f55a8e0ff4ece709e2868c58f87db11c45ffb18
- SHA256
  
  dec340eeb4c335f5f5d49180ba48256217f743ef9c355a10f0e4f43ee15a4311
- SHA512
  
  3709847d0ed7885aef46e6b8aafb601230dd0288e82f6aea05ff099b8d34af315bc0b36f849d38f38d0ebd58008182ecdef7e237473c40982103d3f44160a67f
Score

10^/10

alienbot banker infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan