General

  • Target

    3382348F9618058DDE3AACFFCB34982E

  • Size

    1.5MB

  • Sample

    220603-helswagabp

  • MD5

    3382348f9618058dde3aacffcb34982e

  • SHA1

    afd02498459773d4c1d271214446fc7db0a5e49d

  • SHA256

    f57a44bec2f7af2da443f068edb0a743f9625ac3a9d686393bacb8e72274b5de

  • SHA512

    a7efa941966dc180b9d007b0bc05ef3178b0b02a2a971d5a07e070d0d26241ef484af7b3f21d6e0b4e2f01eddc60bc007190e4cf6405fe38f091c869924cb9ba

Malware Config

Extracted

Family

alienbot

C2

http://scargkanesiki.info/

http://adkfjsadlkgjasdlkjaslkgjargq0rg.xyz

Targets

    • Target

      3382348F9618058DDE3AACFFCB34982E

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.
