alienbot

Resubmissions

15-06-2023 09:53

230615-lw5tvsfg54 10

25-05-2023 01:24

230525-bsr4gsff42 10

Sharing

Copy URL

Twitter E-mail

General

Target

63bd520e98ceea016ef2377e97f0bfda.bin
Size

1.2MB
Sample

230615-lw5tvsfg54
MD5

bf992f713ea2e520b0fe17f1c7474804
SHA1

ca467ad910e0a7e872b06afc7a3e8c4a85daba18
SHA256

4ba393807036fa63f4a84d7bb9a019ca0efbaedf5f901c71ea2f9b2db0d3def1
SHA512

a5cd03536d06f5ff7f0454080d56f2ae0d969df2fffbb04ea4308a4089d88163cb6f8a8ad0b424ab3e1712a8d96b0e9096480695a8a68af803004a7104d790e0
SSDEEP

24576:dAnRee1FIuvO4MyhYLUUogWJ/91BRt6SRBdoluu+iQapUN7sY9z/Et:dAReeFIubzUofJjv0Qq6i5ict

Score

10^/10

Malware Config

Extracted

Family

alienbot

http://prangadayi.com/

rc4.plain

Targets

- Target
  
  63bd520e98ceea016ef2377e97f0bfda.bin
- Size
  
  1.2MB
- MD5
  
  bf992f713ea2e520b0fe17f1c7474804
- SHA1
  
  ca467ad910e0a7e872b06afc7a3e8c4a85daba18
- SHA256
  
  4ba393807036fa63f4a84d7bb9a019ca0efbaedf5f901c71ea2f9b2db0d3def1
- SHA512
  
  a5cd03536d06f5ff7f0454080d56f2ae0d969df2fffbb04ea4308a4089d88163cb6f8a8ad0b424ab3e1712a8d96b0e9096480695a8a68af803004a7104d790e0
- SSDEEP
  
  24576:dAnRee1FIuvO4MyhYLUUogWJ/91BRt6SRBdoluu+iQapUN7sY9z/Et:dAReeFIubzUofJjv0Qq6i5ict
Score

1^/10
behavioral1
- Target
  
  6245fa164605d119c883a056c185f3fd9c502eba4ef08290bdc053b0db68466e.apk
- Size
  
  1.4MB
- MD5
  
  63bd520e98ceea016ef2377e97f0bfda
- SHA1
  
  771f954bcd2570d012cc82f3bc90789116b618ff
- SHA256
  
  6245fa164605d119c883a056c185f3fd9c502eba4ef08290bdc053b0db68466e
- SHA512
  
  237241a9f54116ba931f5c50884a1bd686562d198d12391054ee3338a46ff44003a3a0fe115a959f79a01e0ce46f18efe12255b613872b55cdf79e0622a41e33
- SSDEEP
  
  24576:tkzaymuPbH/3ZB9xiIK1fkm0cIoJHEHc7OrsSfm7BrB+cRMVy10UEF8:62uPb/ZxiI5tcxHEHc7M8BrlMVsEF8
Score

10^/10

alienbot banker infostealer ransomware trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Renames multiple (272) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
behavioral2
- Target
  
  shape_19.svg
- Size
  
  1KB
- MD5
  
  d071555e770aa899a60ec89d524231f6
- SHA1
  
  d12e7658da72e21b2447a0ab017f45f45bc27afe
- SHA256
  
  d808488d2ce5c294a551dd6cab016c098f87fe5025ca4737d60e76cd391ccf12
- SHA512
  
  02190ef1bc3823fe84d79b147dc8c16ef66325175a798178324b44ca114a12a0601d5717f25f0df7219e0406528a070d6b6a10793a4c51dd461eb1fefe0cfa51
Score

1^/10
behavioral3
- Target
  
  shape_20.svg
- Size
  
  1KB
- MD5
  
  4eec7819cf526dc5a0ad47c4551a930a
- SHA1
  
  be218f9d9f010eaba1e97ec2b9aae39b913e4d8b
- SHA256
  
  df496ff50b4c05b3f18cba321d0e54c6baad4a05e4b68e6bd2c15c563b4ad101
- SHA512
  
  bd8497da284d26598bc6b25c2268d9651f6250bf0c26e3c96041fb1e8adc8f896dce19cc4ddffd5dcb68cc0fa2d49db853ed5cfecceefbf8bb6b18145e73054e
Score

1^/10
behavioral4
- Target
  
  shape_21.svg
- Size
  
  1KB
- MD5
  
  03bea92b5a80210f73284dca552a783e
- SHA1
  
  6d8c76be2d7ca6d15e7e89f9cc432866173a8b43
- SHA256
  
  cd185d4a912dd849f434d07505a9af77ddd98e2b5d7d2a40a3061dd2b12978a3
- SHA512
  
  91bbee4dfc04ee1e8875f6213fec804ffc0a4d8ce584df2eb8191b90a6d1f76685a8c3bbcf15befdd4b71847a299d5f292f079b09a7c3ae8b94af8deb83a81d7
Score

1^/10
behavioral5
- Target
  
  shape_22.svg
- Size
  
  1KB
- MD5
  
  2c984aa72078254a59641ba4f07bba84
- SHA1
  
  b678fa206605d2ab07e66190666223e281d90a08
- SHA256
  
  642683939e77b6559a286a2043aa90b44a4a535e63040dee16dcb9367c65a624
- SHA512
  
  2d5d256beae6a7b4f3f85db237593cd0e5616f0989dc85ec679c249cd949be50b05114ce6f3e24ba0c831102567168a40a25158ed407e85d1e5f7de91a016443
Score

1^/10
behavioral6
- Target
  
  shape_23.svg
- Size
  
  3KB
- MD5
  
  f5435cbc7107f6ca5ced160662cf7e4c
- SHA1
  
  6c57386e93e4b427f372d79d895e8448c773d505
- SHA256
  
  a6c337992c71d6b3910c6f3f5dbb9ef071e70df9f5d639ffd275ba3bbc7678c8
- SHA512
  
  729cda9e7174f2d183bfd38ed9a9cf7a81e21901e2a975dc84b53589d68fc466ec97de03a089346da8b464778ef73342467b3e55e544dbceb91cbfa8cda1e5ec
Score

1^/10
behavioral7
- Target
  
  shape_24.svg
- Size
  
  2KB
- MD5
  
  37690f00271a0ff1a0fbca284d53a6e3
- SHA1
  
  b81ff382620c4b4c8fbaa4dfd0f2c80d54f2ece8
- SHA256
  
  2353646e97606fdc63fe94f6ed28cea42e911bfc5a57777cf48268fecf5389f4
- SHA512
  
  a9a37ae837896d80f0c0a00fb94bcacb7be599790054b7a2e9ed833de1c8d4774d8593816420169257868ce4f8bfff11b567d6f12319de2c01876b550002be9d
Score

1^/10
behavioral8
- Target
  
  shape_25.svg
- Size
  
  788B
- MD5
  
  3eb0a51391ac88b3c15ae205c375d9ac
- SHA1
  
  8bf1fd239aa52ccc99e49254e0c9425706f6bd67
- SHA256
  
  9f1927aae9c8d5aa8738e323db20cafb6d3b096622dea4e5c6d2043b162bc3a9
- SHA512
  
  43c001eb5e303c7e7380f6577dc7e96f064bb815eb830d9cc59a13e7d946c82e3fa557718bee67c81948911cd2e7881e218329a76750a40be33e0adf9ad27051
Score

1^/10
behavioral9
- Target
  
  square_fit_ratio_list.json
- Size
  
  1KB
- MD5
  
  1ab7f39f0464c57b3a39cef063a2445a
- SHA1
  
  3a6e26465a7f21a1c4287e77a7234b09de00800d
- SHA256
  
  4e3908f5e328f6cc426de36489b71396fcf12a32b98c5a4f032e7467d8e6a37b
- SHA512
  
  311d2996f12bbbb81d03e0d9fd5db8452e23377a75d424deb26823db7da1aa830f10aaadb58d0c54ad9ddca96a7d1738d2d219335ddedae855b8b5705bfbf64b
Score

1^/10
behavioral10
- Target
  
  timeline_tools_order.json
- Size
  
  1KB
- MD5
  
  b3484578d1bd943d558e05523a948203
- SHA1
  
  61a28264591741e4b5b2eed9c9b9ba51bfef955d
- SHA256
  
  5fb5c24fc270084e45c33103a1d965284b349944b59b02de899c1553b5db598d
- SHA512
  
  9528b1d49dc59a7222b30ac395d68c283ff91ef1eb75bfa14428919c4bf68159c493b8b1197fc57f182a3f19cb8ac75903451f1d15cec77ae60cee3d70c5d7c9
Score

1^/10
behavioral11
- Target
  
  uik_iconfont.ttf
- Size
  
  123KB
- MD5
  
  7c535923a6ac2697a56674c06787a5e5
- SHA1
  
  58e5b36dc6970b020326358a997599a93ed41b90
- SHA256
  
  87e72ff695439f650a5690bc3d3aea54b85d073e0506b535474cd6bd1b1bcfe7
- SHA512
  
  f573979a62540a8ec20a7da194ce121b5e3297b74c6392bfeac1f9f3fb2bbe8df4b0fd3c52f44a1929fc9a8cd2211f9ee253c84de714afb4b1ac0b30ffb8a0dc
- SSDEEP
  
  3072:/jd6DKUEYZefj25B05iYwTocDcVGP/sUgY6SLHmwmDgJJyG0+:/MDKU3Zefj2D05iYwDDcUMUgYpL2DgJD
Score

1^/10
behavioral12
- Target
  
  video-swipe.json
- Size
  
  21KB
- MD5
  
  3b2524c348216d89b3df2167d7297ddf
- SHA1
  
  d493e953e24b73cae372215f9b2942123bc5f227
- SHA256
  
  706747e0007c3a1bdeb9a789b3eb7e49a9ecd69164b73a1b7be4a6b212247400
- SHA512
  
  5bcb5593dfae8763cd8c4f3d9b8bb5365eb676f7b1aea6cbf562dc0e73526ae7be93ad6d0617fba1e8b81b4b6ea216ca3160fd4929560303cba9b8c0cb4b93b6
- SSDEEP
  
  384:ei1AZa1TMqmNleAYHbBfiFMO1pEGFO1pEOW6co6y1:eMkaJMlNQAibBfjgprgp9c5A
Score

1^/10
behavioral13
- Target
  
  videoAdjust.json
- Size
  
  23KB
- MD5
  
  1e4655c548d22564731d784bc47acfc9
- SHA1
  
  b4d2f64e3cfca81cf457ceceaafa2a6872f36bed
- SHA256
  
  b095cb185d0295d01025e526f0ddbf86376fdd02c12b1f4840b35c31e8d5a3ba
- SHA512
  
  32747e6c934a15d2792daf5564a1a90944fb73f06e13278d529c94da1243cb1bc8e0eea071eb642724cc1208983e842410dec076a50216249517b4e9386ac3ff
- SSDEEP
  
  384:yhZMGPK+k6N+Q1IVraLTuFdqQYV+qaL71xWaLpMJJsMJRR+RGwv+8t:sSRtx
Score

1^/10
behavioral14
- Target
  
  videoGraph.json
- Size
  
  1KB
- MD5
  
  729032e903f5ca7974a076635b3110c6
- SHA1
  
  71e9f07213f9f73256b2c3d65817d65f3b98b11d
- SHA256
  
  71186594dff3221ca2778f03befe780ea3d6fea09835107ece19957a5b8d2eaf
- SHA512
  
  7d7ee9ab56cfa1610d11d1c9dfbb6efd0b8fffcc98f6de98b02d8ac4cff98191c5e7a4414ed185de5b43ea0fa17e60d2078add9a05663929e03653e897cb6da6
Score

1^/10
behavioral15
- Target
  
  video_adjust_tools_info.json
- Size
  
  429B
- MD5
  
  ecc01c7ec2173d4030dbe78467507918
- SHA1
  
  50b3f41639c2124fa4608a4c47eaa85b7e2c8faf
- SHA256
  
  10310ad54f2e2a78eb39988423a2a4db338f5d18ca3291ae2f178a27598f0863
- SHA512
  
  5f1254d4fde4deca7673d2ac409d0f19ed4a653f6dfb1fd37b12c6bc122aab5c1b37c28cc0496940d7548253dee20b1be0c77b2b6145e9b67069aae78c2ac2c1
Score

1^/10
behavioral16
- Target
  
  video_editor_tools_order.json
- Size
  
  1KB
- MD5
  
  3ee637535a5df330d6d16767b03800b4
- SHA1
  
  7141227bfe291f23d9c399afe3fcdeba82f4274b
- SHA256
  
  0959388532a34be5479475c69ee90a78e55bee8b4666465a1e1f9df7632646a1
- SHA512
  
  64ee40fed3fd5f0b36923b9116dcfbe9d1ab98fe2f47241fec4551ddfed750298fd6d685581405ba273315808d4ca3dfbb604ed03309c8326297564660b03dc8
Score

1^/10
behavioral17
- Target
  
  video_watermark.svg
- Size
  
  7KB
- MD5
  
  249fa4524f6f6d2472ef61d4b4daf826
- SHA1
  
  be2a6e93163ca239d233ae236cb918daeb1c8258
- SHA256
  
  56e1091f207870add0964274e9ede64c1e27425f4d7e378073a19941127e172a
- SHA512
  
  a5648221a732249b07427137c715cb294aa4ba4596cb7235b4e5171bf036cea888a7d0c2bfbc4ccfdd8344360972357f822ec21fb96b98bc70f65dfd5b24a0c6
- SSDEEP
  
  192:8i1DU7Nrz4tfb8peEJR4KvxgtF3tPUEpd0LHSyz1WJgpzM:8i1DkNotfbgeE/4KvAPfkHRGgpzM
Score

1^/10
behavioral18
- Target
  
  video_watermark_config.json
- Size
  
  1KB
- MD5
  
  34b7d19aff791c473c68733d19474e1c
- SHA1
  
  5438443f8cef43a2def608b219ec3cfa7a2fc2f0
- SHA256
  
  e00ee2ee16f6be767f7176fe4430c610acd25f031a25f370a227d21b6e747708
- SHA512
  
  2fd6f2ace5cc649423812ebdecbdf6481ee468cf4efa4b749c859e747bc1465bd37ba1d9c9b7dbbfe82e246b75c65f2f20a1de51e96f2b2ae4ca8224e0e346ae
Score

1^/10
behavioral19
- Target
  
  waiting_skeleton.json
- Size
  
  38KB
- MD5
  
  782308a0f9522b9140b9e8510e47c2ec
- SHA1
  
  5a68c9f25f1bf9f365aab8c45a87767fc58b30de
- SHA256
  
  d44e707b84e64464864cd955f5dfcd93301060b8940b33a55eeb6c242efa0a1b
- SHA512
  
  e067bd1e19926bccb7b3d825b6d92c01557fe63ec5998eabf68310760295a456f787f55cbb8656ccff069e0ed05dcebdf65763d85a21785527654d47a500c7d1
- SSDEEP
  
  192:IIIIIIIIIloiHp3iHp3iHp3iHp3iHp679ILMyvDYyvDYyvDYyvD666JZoLxT866v:d
Score

1^/10
behavioral20
- Target
  
  weex-main-jsfm.js
- Size
  
  178KB
- MD5
  
  3dc3e9dee9ba7eabea0292e7ba766e75
- SHA1
  
  eb62571b34f491197cac2c32a8ef5a98670cce75
- SHA256
  
  7f9fbb1ad0d65be1a23af810ed010e831e7d9cc053953ee7d1b853ae24b79f2f
- SHA512
  
  c59dfecb2a1ceb9ed09db8a9e1cb1355975ef8b3dcb1320311d6f157accf7fb6fc612d6d56dda255aba0e2e8dfd8e13e524b42471d55dcf9c77d28d96a11a13d
- SSDEEP
  
  3072:pJ4aoSysY2Aqv/ekJd/fasVR2HP9FPG8Veoo:MaoP4Aqv/ekJRf2P9Fxo
Score

1^/10
behavioral21
- Target
  
  weex_config_bindingx.json
- Size
  
  830B
- MD5
  
  2bf8771ba127742984743b7c896c3fbb
- SHA1
  
  5ef056c989af4ff90cca21d447a7c09b7233ed44
- SHA256
  
  d12944b9b58c34a11c685d13cadd2c10d1f5e549c7529c6c9cb6f9789b344cf7
- SHA512
  
  f3c56b6bd3a0a4fbd279d60a1e9a88ef34f2e336f9c6ee432c7afcd5d65160347a7c7abc3cfeffe8d4bc85b4c9b43d10f1e701e75b6218814d12f85d5c9cb6d4
Score

1^/10
behavioral22
- Target
  
  weex_config_fashionai.json
- Size
  
  559B
- MD5
  
  674b4adc7d36863dc7584d0a394d88eb
- SHA1
  
  c92c73bae9ab539c7e67717a9f1a771742089161
- SHA256
  
  e590c8f0140958b1d213729bef0dab819dafda65e52f45cb9da239c42b4af6e0
- SHA512
  
  e736af8d19ec66f463c5096b376d3355cfadf5fd91141f8bfd1e29a64a834ea326448d1e71443e3b7732ce3d2cc213ae35a464a94c058826f2de6e50a0696c83
Score

1^/10
behavioral23
- Target
  
  weex_config_interactive.json
- Size
  
  2KB
- MD5
  
  9ca1eb47a9b0714b0bdc9462fba2d3e3
- SHA1
  
  4d3f20095b9c30a4cafa46373c87db307074d0d1
- SHA256
  
  a446ad60c0ca9d127d6466e8dbdbd2b8ae79cd3b934cbb4fa3e03b7f5708b3e4
- SHA512
  
  fcf1250cdfcf858569d3ccc28282d6c0577ad8ad933531262980e8afb531e7d3fe81425fa0612eeb0fd813afe5464f34d82749706b6295136cb2c5d41b427a0b
Score

1^/10
behavioral24
- Target
  
  weex_config_mytaobao.json
- Size
  
  189B
- MD5
  
  59281779cb75c8a0af964bed482c5e0c
- SHA1
  
  6986fb47455728146cc997851346817f839c664d
- SHA256
  
  8594be70db1bd1af8bc5b9a43a920fd821a3e9f11047e33d0dea63020e7023f8
- SHA512
  
  a92e46c588c2ccc6d8b086681268e493416fc0bb8003fda8f61a153ef38303374a88495e293395e03b36848b7baf472764fae173ed1bbf7e089263d32fec6766
Score

1^/10
behavioral25
- Target
  
  weex_config_shopref.json
- Size
  
  341B
- MD5
  
  de3bc68f29e2ab36eaafb07d0330a37f
- SHA1
  
  59d1ac50febd8eb6107866a18e27d22a3fa9bdf6
- SHA256
  
  ee618490233a9cf3370aaf91bc73e3f06f9259cbc0730fbe7147f0ce9d6ab4ac
- SHA512
  
  3fd70f28f72a58aeea1f27bc83d9946443ff9cc53d7fe17bae91f36caa3dd974b5d3b778140814362e3a16c048f90762b90d548ffabdfee3afbe4aa4d20e5026
Score

1^/10
behavioral26
- Target
  
  weex_config_tblive.json
- Size
  
  2KB
- MD5
  
  4f4062637267df1745da2eed9c8697f2
- SHA1
  
  d75d0d24c6df2f025dc644f0acaadc2a8e17ee36
- SHA256
  
  842248c79d541ae012729ec984bcd123595c2604361c3b7c60cbc4365f2fe588
- SHA512
  
  7d8e9e2099579ae4cdb471892cbfe625f9603cb234a2e343b62e21b3ff8464b59a5c06b1de1cad9803d18dde919603b472216aa8bdd8a9a601d55c27139b18f6
Score

1^/10
behavioral27
- Target
  
  weex_config_tbplay.json
- Size
  
  374B
- MD5
  
  4491b25bee6aaef06b9afbdc3d376d15
- SHA1
  
  888d4dd8e9eaf818b05e7ef587564cb9d85a48d5
- SHA256
  
  a478e0a7d7e939e890952f0452259f2b84a480685fc7f70139df54a86f959b5e
- SHA512
  
  a4cc70517f8ebe4ba1f52edb59b7fd8262c17d92dca316d9b1105e1c18e769ea7d0e094463bc255d92e0068b03cceb260e49f66f9d84a80fafc1268978161e3b
Score

1^/10
behavioral28
- Target
  
  wlmock.json
- Size
  
  16KB
- MD5
  
  b3160c56bfb1a8973f13b3b0246df738
- SHA1
  
  93ba63306d69382b2e23f8884fe3ca2d8fb0a368
- SHA256
  
  6608381acfea16078339d89be9e7a6cd40fb38512ecdfe08d3c2fb4a644a8f3b
- SHA512
  
  0781ee892027a4909aa077d2e62786f630a51990908329540d02809e96fd889d6a1628b59753d579bf24669374c11552eeddcdde8528fe34117d56a5e8f8763c
- SSDEEP
  
  192:gYu2282U2U2U2U2U2U2U2U2U2U2U26Gw+dZjV7+IFP55BGEQkxESxZx7DCe:wi8hFx35n
Score

1^/10
behavioral29
- Target
  
  youtube_sans_light.xml
- Size
  
  351B
- MD5
  
  b5f22607a8ffade8cc569f2402eea8df
- SHA1
  
  e0cbee80be7649a193019929ec88cd630dccebed
- SHA256
  
  f881b60755746ba36e0fa7e7708e0bc129bd6f0d8f88e9ffe80c2d14e1f93707
- SHA512
  
  ef14878428c9beaf5e4574d6234ffb004ae3bc515f35cbaa9576540d21e2bffbf66c8709c9c2b9bf2d336e0be285022612525bafd91550cd172743f7b5e895b6
Score

1^/10
behavioral30
- Target
  
  youtube_sans_medium.xml
- Size
  
  351B
- MD5
  
  3cb39789c4b054a4592045c224756938
- SHA1
  
  ea7ecf6ff12a0d208aec8556b63385a094c9e9bf
- SHA256
  
  d51daf4d497d162c60da196bc8ab7e2b553e779d27d9f8ec8a41b74579c7ccee
- SHA512
  
  bf19d8d0f6d5660a7df2b23ab5f55a0c2920984d1da9ca557e48399c12edbdb37e817bc7fad6e3fef36d19775920a09d7da2b68bd917f0d177535b4132db5bdf
Score

1^/10
behavioral31
- Target
  
  youtube_sans_semibold.xml
- Size
  
  351B
- MD5
  
  90daa67adb20980ea850a9e6a99d93bc
- SHA1
  
  3c0fd4b0789c4877d15fcdb889103e34c100584a
- SHA256
  
  2a3e5e1c62172515071bc69300743499c9ae9d08abef7cd6a12eddbfb474aacf
- SHA512
  
  c722a1451694b7db08090df64f63c25825ecb3dd67bd81aad01422d94dea519833a9c838907b75a879a39b7a4dca14449710b5bacd9a1d377c439c8ad02350e9
Score

1^/10
behavioral32

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Renames multiple (272) files with added filename extension

Loads dropped Dex/Jar

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32