alienbot | 38b4621647032aee070689093e4bfe1ae7ed139e323bf186d0899e980c385d87 | Triage

Sharing

General

Target

5602c634fe3b2100a845c4033af8a4af.apk
Size

1.8MB
Sample

220817-q7rtlabde4
MD5

5602c634fe3b2100a845c4033af8a4af
SHA1

01d5b208503ba76ec1c5364808600fdb7ff9a527
SHA256

38b4621647032aee070689093e4bfe1ae7ed139e323bf186d0899e980c385d87
SHA512

5ece75097d57bd04bf14a6c33410bf170873d47a095b8ded33d700f678a4ed9f8008b59933e8e7a6059111c1174465578967fbf49c52624ea779567bdeae7fdf
SSDEEP

49152:YQVnJqt+lMUZ7ku1UwK1SGkp4IQSqYLSE:Ymn8tg7ku1d+SGkOIQSRf

Score

10^/10

alienbot android banker infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://gozlersemtseeguzl.shop

Targets

- Target
  
  5602c634fe3b2100a845c4033af8a4af.apk
- Size
  
  1.8MB
- MD5
  
  5602c634fe3b2100a845c4033af8a4af
- SHA1
  
  01d5b208503ba76ec1c5364808600fdb7ff9a527
- SHA256
  
  38b4621647032aee070689093e4bfe1ae7ed139e323bf186d0899e980c385d87
- SHA512
  
  5ece75097d57bd04bf14a6c33410bf170873d47a095b8ded33d700f678a4ed9f8008b59933e8e7a6059111c1174465578967fbf49c52624ea779567bdeae7fdf
- SSDEEP
  
  49152:YQVnJqt+lMUZ7ku1UwK1SGkp4IQSqYLSE:Ymn8tg7ku1d+SGkOIQSRf
Score

10^/10

alienbot banker infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

alienbotbankerinfostealertrojan