Overview

overview

10

Static

static

7

882fa8badd...e5.apk

android-9-x86

10

882fa8badd...e5.apk

android-10-x64

10

882fa8badd...e5.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    882fa8badd2ae0875f4a6e450af5b10d4af3167964a87e4a5a3267c478e7c6e5

  • Size

    390KB

  • Sample

    230523-1hcngsad7z

  • MD5

    fb7667f4e30f5f6ec364f85b0b449583

  • SHA1

    4b01a9a122d9a0c3752afb50f0e3ba52eac51f1b

  • SHA256

    882fa8badd2ae0875f4a6e450af5b10d4af3167964a87e4a5a3267c478e7c6e5

  • SHA512

    5cc5d600abb16ed05452fbc76999885fdbc320202e75eb66ef489e5097f9a4a4a0a28f92e9b88af383fd8ebe2105acd57249134d8ca5968bf4a6f46cd983fb31

  • SSDEEP

    6144:/N+wvosn2eCXRrRcajivBAmza9sf8TYTMgxtPYHU43Gf480Nm2ZHZ3d:Qh82rjcacB+UAuPY043SrbmHZd

Score
10/10
alienbotandroidbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

alienbot

C2

http://57.128.54.210

rc4.plain

Targets

    • Target

      882fa8badd2ae0875f4a6e450af5b10d4af3167964a87e4a5a3267c478e7c6e5

    • Size

      390KB

    • MD5

      fb7667f4e30f5f6ec364f85b0b449583

    • SHA1

      4b01a9a122d9a0c3752afb50f0e3ba52eac51f1b

    • SHA256

      882fa8badd2ae0875f4a6e450af5b10d4af3167964a87e4a5a3267c478e7c6e5

    • SHA512

      5cc5d600abb16ed05452fbc76999885fdbc320202e75eb66ef489e5097f9a4a4a0a28f92e9b88af383fd8ebe2105acd57249134d8ca5968bf4a6f46cd983fb31

    • SSDEEP

      6144:/N+wvosn2eCXRrRcajivBAmza9sf8TYTMgxtPYHU43Gf480Nm2ZHZ3d:Qh82rjcacB+UAuPY043SrbmHZd

    Score
    10/10
    alienbotbankerevasioninfostealerransomwaretrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Renames multiple (178) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Renames multiple (344) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks