General
Target
7787ca51a67c54a82a6e0a0378a2df1e9c3817560838fd3fcfc87d855686ef24
Size
1.4MB
Sample
220625-b95e5shegj
MD5
bd361bd641a75b16ae3e3ba388c3c42c
SHA1
d9518d572c576afeabc568a53e6b7daa8dee76d7
SHA256
7787ca51a67c54a82a6e0a0378a2df1e9c3817560838fd3fcfc87d855686ef24
SHA512
42889c7993f957780c3392bbd341b550a4f263bdb9976e6d143f80bc4514310b3ddbb9648c48687f90a0db9d71e9093afb1307099575bb14d574c2b2e7495363
Static task
static1
Behavioral task
behavioral1
Sample
7787ca51a67c54a82a6e0a0378a2df1e9c3817560838fd3fcfc87d855686ef24.apk
Resource
android-x86-arm-20220621-en
Behavioral task
behavioral2
Sample
7787ca51a67c54a82a6e0a0378a2df1e9c3817560838fd3fcfc87d855686ef24.apk
Resource
android-x64-20220621-en
Behavioral task
behavioral3
Sample
7787ca51a67c54a82a6e0a0378a2df1e9c3817560838fd3fcfc87d855686ef24.apk
Resource
android-x64-arm64-20220621-en
Malware Config
Extracted
alienbot
http://tyrantthrone.xyz
Targets
Score
10/10
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
Makes use of the framework's Accessibility service.
Acquires the wake lock.
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
Removes a system notification.