alienbot | 42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859 | Triage

Submit
Reports

Overview

overview

Static

static

7

42aed3cbec...59.apk

android-9-x86

42aed3cbec...59.apk

android-10-x64

42aed3cbec...59.apk

android-11-x64

Sharing

General

Target

42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859
Size

1.9MB
Sample

221220-lwyesahb92
MD5

6e3861cae3f1c124e83620c5551514b3
SHA1

281f08c2f1eb1770fad840780f8969e7621e7e7b
SHA256

42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859
SHA512

b1625b3196fe31d2af1b3462261ac55c9257b339ab28accab5fb1a06000f775d746d8ca2204910eb4943c7c82cba9ebb91f59681a655f40108566041c717b44f
SSDEEP

49152:RIxSTFdMmirjbKX5ratqi7hy7mPXG2oznHAgIRGFL:RkubMmirnKX56qi7ymPXR8HEk

Score

10^/10

alienbot android banker evasion infostealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859.apk

Resource

android-x86-arm-20220823-en

alienbot banker evasion infostealer trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859.apk

Resource

android-x64-20220823-en

alienbot banker infostealer trojan

android-10-x64

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859.apk

Resource

android-x64-arm64-20220823-en

alienbot banker infostealer trojan

android-11-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

alienbot

C2

http://abatrdfsat.ml

rc4.plain

Targets

- Target
  
  42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859
- Size
  
  1.9MB
- MD5
  
  6e3861cae3f1c124e83620c5551514b3
- SHA1
  
  281f08c2f1eb1770fad840780f8969e7621e7e7b
- SHA256
  
  42aed3cbecc1ea6d94fa562abef0a691a5887a1a0efc7fc185c1ecbf9d18c859
- SHA512
  
  b1625b3196fe31d2af1b3462261ac55c9257b339ab28accab5fb1a06000f775d746d8ca2204910eb4943c7c82cba9ebb91f59681a655f40108566041c717b44f
- SSDEEP
  
  49152:RIxSTFdMmirjbKX5ratqi7hy7mPXG2oznHAgIRGFL:RkubMmirnKX56qi7ymPXR8HEk
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan

© 2018-2024

Terms | Privacy