General

  • Target

    video.apk

  • Size

    1.6MB

  • Sample

    230306-n1qa3scb55

  • MD5

    a1462dc99471e4637b493da2930c9405

  • SHA1

    962084b33fdff88a4a335bd9839890f1120eab86

  • SHA256

    39ccc5d7009aefac18891c70a16b857b98481d6f69800075e31900c4dc9ef000

  • SHA512

    85bed2f101be7aab4b53d89f5dcb900117730e784da041780b29c3289a56a4386340bf797e898be1a875febdc753f9276f8c36ebd29c521654910c3209b06582

  • SSDEEP

    49152:HCpqX9FYQmBtcJW8fyhoh4fzL09M7ev7r5Tu9:HCcFYfwJ/6hoSf7ys9

Malware Config

Extracted

Family

alienbot

C2

http://reklamruyasibursa.com.tr

rc4.plain
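The extracted config stores its RC4 key in the clear (the rc4.plain field above; the report shows the field but not the key value). The following is an added example, not code from the sandbox report or from the AlienBot/Cerberus family, showing how an analyst would turn a recovered plaintext key into a config decryptor. The key, the blob and the "k=v;k=v" layout are constructed for the demonstration; the real config layout is not claimed to be this.

```python
"""RC4 helpers for a plaintext-keyed ("rc4.plain") malware config.

Added example: the key, blob and config layout below are constructed for
the demo, not taken from the sample analysed above.
"""
from typing import Iterator


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Key-scheduling (KSA) followed by the pseudo-random generation loop (PRGA)."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        yield s[(s[i] + s[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is symmetric: the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))


def decrypt_config(key: bytes, blob: bytes) -> dict:
    """Decrypt a blob and parse it as 'k=v;k=v'.

    Hypothetical layout chosen for the demo; a real config extractor would
    parse whatever structure the family actually uses.
    """
    plain = rc4(key, blob).decode("utf-8")
    return dict(item.split("=", 1) for item in plain.split(";") if item)


# Constructed sample: a key an analyst would read straight out of the
# extracted config, and a blob built here so the script runs offline.
DEMO_KEY = b"demo-rc4-key"
DEMO_PLAIN = b"c2=http://reklamruyasibursa.com.tr;tag=video"
DEMO_BLOB = rc4(DEMO_KEY, DEMO_PLAIN)

if __name__ == "__main__":
    print("encrypted blob:", DEMO_BLOB.hex())
    print("decrypted config:", decrypt_config(DEMO_KEY, DEMO_BLOB))
```

Because RC4 is a stream cipher with no integrity check, a wrong key produces garbage rather than an error; validate the decrypted output (here, that it parses as key=value pairs and the C2 field looks like a URL) before trusting the result.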

Targets

    • Target

      video.apk

    • Size

      1.6MB

    • MD5

      a1462dc99471e4637b493da2930c9405

    • SHA1

      962084b33fdff88a4a335bd9839890f1120eab86

    • SHA256

      39ccc5d7009aefac18891c70a16b857b98481d6f69800075e31900c4dc9ef000

    • SHA512

      85bed2f101be7aab4b53d89f5dcb900117730e784da041780b29c3289a56a4386340bf797e898be1a875febdc753f9276f8c36ebd29c521654910c3209b06582

    • SSDEEP

      49152:HCpqX9FYQmBtcJW8fyhoh4fzL09M7ev7r5Tu9:HCcFYfwJ/6hoSf7ys9

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service.

      The Accessibility service lets an app read on-screen content and inject input on the user's behalf; Android banking families abuse it to grant themselves further permissions, capture credentials and drive overlay attacks without user interaction.

    • Queries a list of all the installed applications on the device (likely used to select legitimate apps to overlay).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about the phone's network operator.

    • Removes a system notification.
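The hashes and C2 domain above are the indicators a responder would actually pivot on. The following is an added example, not part of the sandbox report, that checks a file against the published digests and scans proxy log lines for the C2 host. The file bytes and log lines are constructed so it runs offline; the digests and the domain are the ones listed in the report.

```python
"""Match a file and proxy log lines against the IOCs from the report above.

Added example: the sample bytes and log lines are constructed; the digests
and the C2 domain are copied from the report.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Digests of video.apk as published in the report.
REPORT_HASHES = {
    "md5": "a1462dc99471e4637b493da2930c9405",
    "sha1": "962084b33fdff88a4a335bd9839890f1120eab86",
    "sha256": "39ccc5d7009aefac18891c70a16b857b98481d6f69800075e31900c4dc9ef000",
}
C2_HOST = urlsplit("http://reklamruyasibursa.com.tr").hostname


def digests(data: bytes) -> dict:
    """Compute every digest type the report lists for the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every listed digest matches; one mismatch means a different file."""
    return all(d == expected[n] for n, d in digests(data).items())


def hostname_matches(host: str, ioc: str) -> bool:
    """Exact host or a subdomain of it.

    Comparing labels rather than substrings avoids false hits on hosts that
    merely contain the IOC, e.g. notreklamruyasibursa.com.tr.
    """
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)


# Constructed log format: "<timestamp> <client-ip> <method> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+)")


def c2_hits(lines) -> list:
    """Return (timestamp, client, host) for every request to the C2 host or a subdomain."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently ignore everything after it
        host = urlsplit(m["url"]).hostname
        if host and hostname_matches(host, C2_HOST):
            hits.append((m["ts"], m["src"], host.lower()))
    return hits


# Constructed proxy log lines for the demo.
SAMPLE_LOG = [
    "2023-03-06T11:02:13Z 10.0.5.21 GET http://example.com/index.html",
    "2023-03-06T11:02:19Z 10.0.5.37 POST http://reklamruyasibursa.com.tr/",
    "2023-03-06T11:02:25Z 10.0.5.37 GET http://notreklamruyasibursa.com.tr/",
    "2023-03-06T11:02:31Z 10.0.5.44 GET http://cdn.reklamruyasibursa.com.tr/a.js",
    "this line is not a proxy record",
]

if __name__ == "__main__":
    print("constructed bytes match report hashes:", matches_report(b"constructed, not the sample"))
    for hit in c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Match on SHA256 (and the others) rather than MD5 alone when confirming a sample; and when the C2 is a bare domain, as here, alert on the host and its subdomains rather than the full URL, since the path is not part of the indicator.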
