Resubmissions
23-05-2023 21:49
230523-1pbprshf47 10General
-
Target
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8
-
Size
1.5MB
-
Sample
230523-1pbprshf47
-
MD5
51d8343364c82957fd7de024ee808d0a
-
SHA1
dd7b035009d93b4f204da813e4d30d2b5fd54791
-
SHA256
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8
-
SHA512
173788aa1f6016c764fc7f9917d8e9f06ce4fce2d259dcbfbd9e722a3734a5c3fbf6bd9f4b167efa8a27fc2f2f5ae50f5efc95b077ed4aafef70e3e94c2b8c5b
-
SSDEEP
24576:RHMznfBOxX//TggvaYys7F4xsqqeorUpj/y+4qT3a+mv4uZk+eO47rAiCm8nmG5a:RIfBOxXjIq4xwrGj/Xlq++ZkQrwG5a
Static task
static1
Behavioral task
behavioral1
Sample
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8.apk
Resource
android-x86-arm-20220823-en
Behavioral task
behavioral2
Sample
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8.apk
Resource
android-x64-20220823-en
Behavioral task
behavioral3
Sample
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8.apk
Resource
android-x64-arm64-20220823-en
Malware Config
Extracted
alienbot
http://bakgeliyosimdisanabakk.com
Targets
-
-
Target
08f438d88bdd392166d3d0ede9a2e46df2743e3a01323132987a58d6404a45b8
Score 10/10
-
Alienbot
Alienbot is a fork of the Cerberus banker first seen in January 2020.
-
Renames multiple (158) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Renames multiple (162) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Renames multiple (166) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Makes use of the framework's Accessibility service.
-
Acquires the wake lock.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Removes a system notification.
-