alienbot | 65857c176c0861d6a36d6f363c5eac29377f354186c9a093d024a41c2a593a2a | Triage

Sharing

General

Target

b6d15d3db7993509dd52acace8442d83.apk
Size

1.7MB
Sample

230313-vr5gzabd28
MD5

b6d15d3db7993509dd52acace8442d83
SHA1

ffa472c3bea67ba551057ec5cd464cf0fc85c302
SHA256

65857c176c0861d6a36d6f363c5eac29377f354186c9a093d024a41c2a593a2a
SHA512

83e3068b0108f0f95c58ad1030b68b5f32e65efa9cc3c7b37062a9442b10e2b2d464bd18697f138466e5beb50f2133010eb569106e523ed6e9b494376018ad96
SSDEEP

49152:U3KajslnGwhC7Yi5ZP4SqMH+zOS8DjjM+gDeiSD9Y0fhdm:U3ZjsdNkYi5ZwPzOSZDDOfhdm

Score

10^/10

alienbot android banker evasion infostealer trojan

Malware Config

Extracted

Family

alienbot

C2

http://malboratacbl.com

rc4.plain

Targets

- Target
  
  b6d15d3db7993509dd52acace8442d83.apk
- Size
  
  1.7MB
- MD5
  
  b6d15d3db7993509dd52acace8442d83
- SHA1
  
  ffa472c3bea67ba551057ec5cd464cf0fc85c302
- SHA256
  
  65857c176c0861d6a36d6f363c5eac29377f354186c9a093d024a41c2a593a2a
- SHA512
  
  83e3068b0108f0f95c58ad1030b68b5f32e65efa9cc3c7b37062a9442b10e2b2d464bd18697f138466e5beb50f2133010eb569106e523ed6e9b494376018ad96
- SSDEEP
  
  49152:U3KajslnGwhC7Yi5ZP4SqMH+zOS8DjjM+gDeiSD9Y0fhdm:U3ZjsdNkYi5ZwPzOSZDDOfhdm
Score

10^/10

alienbot banker evasion infostealer trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotbankerevasioninfostealertrojan

behavioral2

alienbotbankerinfostealertrojan

behavioral3

alienbotbankerinfostealertrojan