alienbot | 629fa8669a4f94e20b68cef2c091c06a2a2293407b1c4370b6e1b3f157a974cd | Triage

Sharing

General

Target

629fa8669a4f94e20b68cef2c091c06a2a2293407b1c4370b6e1b3f157a974cd.bin
Size

2.3MB
Sample

230716-b3lpfsdb3v
MD5

b46eb03142fbcf2856fcba33b09f87ed
SHA1

2ce7bd856c442b539e5b8fbe0932f88f28f29b30
SHA256

629fa8669a4f94e20b68cef2c091c06a2a2293407b1c4370b6e1b3f157a974cd
SHA512

b49e51ce03f9a3487408e77d9f0e9017153cbe188bdc2648b3b4a56326300dae4871811af2cee427c68932273c540ef9295e55bc91ea8c1a48166bc1377aa63d
SSDEEP

49152:g1L7nZSdgq7u667pf2ysZuADGncHjERQP5QHBXxRNeWCZrS3BZ1NMaVn3AE/dcS6:g1X0dgq7u6xysTScHjERQPmHBXxRNeW4

Score

10^/10

alienbot cerberus android banker evasion infostealer linux rat trojan

Malware Config

Extracted

Family

alienbot

C2

http://girisapi9952.pw

rc4.plain

Targets

- Target
  
  629fa8669a4f94e20b68cef2c091c06a2a2293407b1c4370b6e1b3f157a974cd.bin
- Size
  
  2.3MB
- MD5
  
  b46eb03142fbcf2856fcba33b09f87ed
- SHA1
  
  2ce7bd856c442b539e5b8fbe0932f88f28f29b30
- SHA256
  
  629fa8669a4f94e20b68cef2c091c06a2a2293407b1c4370b6e1b3f157a974cd
- SHA512
  
  b49e51ce03f9a3487408e77d9f0e9017153cbe188bdc2648b3b4a56326300dae4871811af2cee427c68932273c540ef9295e55bc91ea8c1a48166bc1377aa63d
- SSDEEP
  
  49152:g1L7nZSdgq7u667pf2ysZuADGncHjERQP5QHBXxRNeWCZrS3BZ1NMaVn3AE/dcS6:g1X0dgq7u6xysTScHjERQPmHBXxRNeW4
Score

10^/10

alienbot cerberus banker evasion infostealer rat trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  closebutton.html
- Size
  
  981B
- MD5
  
  c8efa039f4f84b2705a8e3a3b31da61c
- SHA1
  
  669749429feda1599c4ee980cfd67fbb1a54c1a4
- SHA256
  
  494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa
- SHA512
  
  db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2
Score

1^/10
behavioral4 behavioral5
- Target
  
  core_wrapper.js
- Size
  
  5KB
- MD5
  
  2558e92bdb03c3e4685d4320a7cbe715
- SHA1
  
  9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7
- SHA256
  
  99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8
- SHA512
  
  83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3
- SSDEEP
  
  96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8
Score

1^/10
behavioral6 behavioral7
- Target
  
  lynx_core.js
- Size
  
  179KB
- MD5
  
  e7cfc2c0ca21ac6ed87869dbaf29afda
- SHA1
  
  b4db4af75b92b08408c8f0b9d9ac5ddd32d80b1d
- SHA256
  
  015c037a7efc9b28b6a55c6b1c18c1b71fed16e3ee1e630dd45906864ad709ec
- SHA512
  
  a51e1247a451d0f12872455d2425771a7ba335c79630ccb7e423c4cdbfb48be7b6402c7283602c812930d46f562999edef809e5215516c5f4e89bf3037d2455f
- SSDEEP
  
  1536:te01PJrNd3xF5KPIL0B/8kX9RHytxM9+Wn3Ocm3RzC4+KmbDEyJ7NRIY36Sq+HzM:3RJrZztUKC4+HIfSqL414T
Score

1^/10
behavioral8 behavioral9
- Target
  
  nd
- Size
  
  6KB
- MD5
  
  f6c6587ac2127318e57df26f29f9d92e
- SHA1
  
  b68b68ee5b2aa52d0e93a795ee83d0084eb3b4f1
- SHA256
  
  5a2c00182af9b6062876f1ebf9076a4f53bd78da5d59bcc8a9e51ffc0eb93a59
- SHA512
  
  3465e098e7c9f00873375c156d97417c6ae0328fbaab33796e498edf05f6b917cb2de31eea6a9b2b76c0c4798aca0aadb6b211e5c06563d637ce5220b3e30700
- SSDEEP
  
  96:BxEnFiv6dMo0mqOoLR9ooXo7GUGcbhWVevATWJ4:YnFi6eo0mqOovooXo7G2bhB8v
Score

1^/10
behavioral10
- Target
  
  slardar_bridge.js
- Size
  
  3KB
- MD5
  
  cc0a24c68fce308319dbb627a0836a35
- SHA1
  
  a19813e37b11803b940d9cc636aa9fa6510e42de
- SHA256
  
  751c84bc61085dd3baecfe3a51dd3d2f175ca3c5bd61f0c6bdac0817120a4e79
- SHA512
  
  576f30fca86a1bae7f4fd401c893685472395c39beef7cd0a5b1fe2010d594b77541187e6bf94e50cb477e4c8761af1fd557ddb0a61d2890436d1b7b79e10181
Score

1^/10
behavioral11 behavioral12
- Target
  
  slardar_sdk.js
- Size
  
  51KB
- MD5
  
  adc5dbfdfc9c87ce72f6f73f1809fd7b
- SHA1
  
  3b4233e9e367096cca64ba489172329af9887c4c
- SHA256
  
  5ca3eec94dec06c18431512cbcdcf3d920ce25cbc2774b498f8a1f41d1216027
- SHA512
  
  55e0a7f94f9e7816722b4cfa91f395bf5e418274f0a06b696dbd237f95e45e6da271fd10df21981548dec0fe008c23850eeeeace7752aad2a528dff740c1526b
- SSDEEP
  
  768:x8Z9bbDO4P6/JkK3eqB/jYYzVpKmeu8E3B/6d0:xOW/mK3/jY2
Score

1^/10
behavioral13 behavioral14
- Target
  
  template.js
- Size
  
  131KB
- MD5
  
  dc81f87fea004f156041a43a941d1283
- SHA1
  
  f9877561bcf371421a8672453f5f492a4595813d
- SHA256
  
  54f4fdc9885db4ad3e66e623b5e79e2f9ca0b842cb8facd3c38e108cee1cc6d6
- SHA512
  
  efe4c1bcd913ab08307032f75f7f03db48fa2b4ee0a18c33cd2463cf0a49d81f9d766c0d628fe170e94e43fef3d488a6a3fb1309b78bc40b0c2ee3aac24febcb
- SSDEEP
  
  3072:NUhk+e1Iif77WeCtQC13g/gpMmlOFsy4rU1vxC/u:keCtQC6/ywFB4KE/u
Score

1^/10
behavioral15 behavioral16

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerrattrojan

behavioral2

alienbotcerberusbankerevasioninfostealerrattrojan

behavioral3

alienbotcerberusbankerevasioninfostealerrattrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16