alienbot | 6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf | Triage

Sharing

General

Target

6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf.bin
Size

2.1MB
Sample

230826-1zbshsdf45
MD5

6b5f91af50e12627a8125ed7803cce65
SHA1

4fd9bff7e333300c0ec69b22fbd61de96594daee
SHA256

6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf
SHA512

ccd7877fa2ee11e2a3b62a72a352e6353e6fe004760fbff8cdc6ad365f0b2b8a9693e170b0f0380e82b573df80b3f2605a0f8ffeda6694475069f79bc69e67e1
SSDEEP

49152:IOnnxNRARz7R+vrjydjUYlUXzEr7dLMSHSVLSYS9ETtY2D+a7a:IOyRz1+vQUdcdLdHSVhS9EL+aG

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://45.81.39.102

rc4.plain

Extracted

Family

alienbot

C2

http://45.81.39.102

Targets

- Target
  
  6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf.bin
- Size
  
  2.1MB
- MD5
  
  6b5f91af50e12627a8125ed7803cce65
- SHA1
  
  4fd9bff7e333300c0ec69b22fbd61de96594daee
- SHA256
  
  6a41f27d45308f281b986b4dfed2989781a0b69cbf069bc84f28e333b56d6dbf
- SHA512
  
  ccd7877fa2ee11e2a3b62a72a352e6353e6fe004760fbff8cdc6ad365f0b2b8a9693e170b0f0380e82b573df80b3f2605a0f8ffeda6694475069f79bc69e67e1
- SSDEEP
  
  49152:IOnnxNRARz7R+vrjydjUYlUXzEr7dLMSHSVLSYS9ETtY2D+a7a:IOyRz1+vQUdcdLdHSVhS9EL+aG
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  callout_11_shadow.svg
- Size
  
  2KB
- MD5
  
  a43eaf2037b2a882b41912e5bf68e3f4
- SHA1
  
  b1b73e482269c1c5370f7a6e4ab5a3b47d2c6373
- SHA256
  
  354cbc8433a0fb42c500fa7039f4c7254db20eb9f589f8866846f142c45d94c2
- SHA512
  
  5aa4640b5cc83376ae6f61c80bfe6e1aedd2e6eec2337f9478f4a5544cba6b1a09fd46cb4c93a8313d4843a7c42b498f610bf51ca90d476819088e8fd52b2c69
Score

3^/10
behavioral4 behavioral5
- Target
  
  callout_7_overlay.svg
- Size
  
  1KB
- MD5
  
  13da4f83c32b6af839f40448ad4093dd
- SHA1
  
  2dd817cbb6c2198c9b622bf8a4a4bd0f58c5980d
- SHA256
  
  22a5b339c8e15d0b1393e540966b414ca577f1e6c2c4682bef22e98f74e5a5d3
- SHA512
  
  3c5e37b7638099495ca3773edd1b4c780ceced0db68749c7c7437ad460ae765f1e3f952e146f7851a778f9dd32a5c7cce57ee616c0f015231b0071c9a39013cb
Score

3^/10
behavioral6 behavioral7
- Target
  
  callout_8_overlay.svg
- Size
  
  2KB
- MD5
  
  65a2809f038ffa4146cf59a57e6bb32d
- SHA1
  
  3b5e30bf5de229cbeb085e1ea355288d63ebea51
- SHA256
  
  8dc35b01684c284e85275509e698edea94e73f6e328732993a96b881f20eaaff
- SHA512
  
  2f792059b6aa0a1dd32924169fb9176e9c6523c6f17b17cbaa2486bb246b6f726e01717b47372d9558501cb2dc5f51c1564b7ce195bcde1769e07b3fb8a7879b
Score

3^/10
behavioral8 behavioral9
- Target
  
  callout_cloud.svg
- Size
  
  4KB
- MD5
  
  cd47d4b3192545c91fdddeae5adb3d8a
- SHA1
  
  8d389882bb4a501bd8d2c9690a023d0c808213d7
- SHA256
  
  8ec8ca9e56edab13c9b45aa0dc21a4970398ba6917efb981e4533cd510c56d58
- SHA512
  
  58f8482402652807229c3d5a563c785f4f85d6f768592521b951ade7555826f49f45e41881b1012c0350ee5aa77e0e4daa22f207e0fa3ddf3f06c16e49817ddc
- SSDEEP
  
  96:7OKfETG9jU7aGyVS0/K4TL+uhBj0HPDYKnCZB4qdP9:SoZuaGyg01TPhUzMd1
Score

3^/10
behavioral10 behavioral11
- Target
  
  callout_dest_bubble.svg
- Size
  
  1KB
- MD5
  
  5a1b792bf859e656807fb87228b66416
- SHA1
  
  21612430725df233bd8bd7e10ae17a33a7923429
- SHA256
  
  07c9841559f933977b9448e4ed5e18e3000666faa8768526136bccebefe8b104
- SHA512
  
  e908a8dd836b51193f62b60eda3a5371cb9f2548e0b792e90fe624e012c7d64c20c987ead14f591a1e59b7786eec31221f56148447ba8deb53082c7594462b25
Score

3^/10
behavioral12 behavioral13
- Target
  
  callout_shape_2.svg
- Size
  
  4KB
- MD5
  
  6dc1e0aa43dd2a582b24b6487605fb76
- SHA1
  
  c403b4c464908b8d740d03775742fdc72a6e8327
- SHA256
  
  f6ec4c71c9e3ebfc1d23691364cc5736a12c3180ad35e55f4f9dc0fa3ce03669
- SHA512
  
  3cced4fb52552f26f35eac6eacf8fc408b6f5e251984f486e203777b0889261db83ea127a97b5e53c246456c819b23b6d6209fec1bb3a6df5f173e66de370ce2
- SSDEEP
  
  96:7OKfvMkrs4v9rTicBaUTnpI5kS0nvVfiYPl9Cb7dMM/SAWicJPjiBwlH:SoT44Vp3hrnvVqY99CR/SAWicgwN
Score

3^/10
behavioral14 behavioral15
- Target
  
  callout_shape_4.svg
- Size
  
  1KB
- MD5
  
  828a7ba18fb29733210cccea82833faf
- SHA1
  
  0eab9f3bb7bb221a0d54a0da3379edfa80a713ed
- SHA256
  
  fad97a809483b5b59a783e811aea993048047ae6efee1f861233a63067b7a815
- SHA512
  
  ee5fea4dce25d0bc8ea471641e4bfaa3da2305b9be2c494ae8f444e44c65494764180b5412fa7192198280b2aff420c2a76eda41f036ee87a9eb246d2a067944
Score

3^/10
behavioral16 behavioral17
- Target
  
  callout_shape_5.svg
- Size
  
  3KB
- MD5
  
  3b6eb1ca75da44d8df15f66358aa7ed2
- SHA1
  
  6e43efdc6bb028ca022a2bc8bb005ad4f52f0d08
- SHA256
  
  dbac2601ec9c8909b1af9992c835313f62d2f6f8226e3e142136c8e3fa793f0a
- SHA512
  
  08f6e115d5b32e7d6c305be446f4ca9f803031486c6816a50ee981ab68f0d588247dc22f8048881e2319fcad2c935d1fcb2c25560a8a79a5500a97bf68963970
Score

3^/10
behavioral18 behavioral19
- Target
  
  callout_shape_6.svg
- Size
  
  795B
- MD5
  
  05756dcdfc425a86b875a296518e5e7b
- SHA1
  
  f672a1e93bfc33b727a0d453ef66a530dad0de6f
- SHA256
  
  314286468da8ded2d9baf6c2f6c172ae3926024d60efa1b4c2aa22b0155062c2
- SHA512
  
  b19f29e3265f3198037ad6e3d5cbda6d3bf9856df9f76553c83e057c0ce5e5e22848fb264c09fb270762bbf1b97efbfef57e7fcded5cc4e55bb654657389a2e0
Score

3^/10
behavioral20 behavioral21
- Target
  
  closebutton.html
- Size
  
  981B
- MD5
  
  c8efa039f4f84b2705a8e3a3b31da61c
- SHA1
  
  669749429feda1599c4ee980cfd67fbb1a54c1a4
- SHA256
  
  494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa
- SHA512
  
  db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2
Score

1^/10
behavioral22 behavioral23
- Target
  
  core_wrapper.js
- Size
  
  5KB
- MD5
  
  2558e92bdb03c3e4685d4320a7cbe715
- SHA1
  
  9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7
- SHA256
  
  99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8
- SHA512
  
  83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3
- SSDEEP
  
  96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8
Score

1^/10
behavioral24 behavioral25
- Target
  
  help.htm
- Size
  
  53KB
- MD5
  
  a249587defc4f17f972785d38bd76df7
- SHA1
  
  a359c29f7a850e01688890e1990022992e353493
- SHA256
  
  2c2727cf87a4a33c0fabcc1c61ebc978e9ab6bc362689a22571ec768f1361393
- SHA512
  
  24a81603830a66fd4e06d6747ef55a2e1decf8cc2e27aa159e3bd06244749c323e78487d5ade8e0178dae9ed5ab77818a8e8015654673d3bd5b3ee619bcc5ea4
- SSDEEP
  
  768:FWAtJoDQSUPSEXVe5wSCFz1K4I8Cnsro7:b6kxPSGowS8E4I8Wsa
Score

1^/10
behavioral26 behavioral27
- Target
  
  help_cs.htm
- Size
  
  60KB
- MD5
  
  0f640786196d6011e01155333821964f
- SHA1
  
  066c679b1de3b92ff8ea552d1f80adf6891047b8
- SHA256
  
  bf803405fedfdddb8633f549f97f4a5a53f4d1a0aae0726a4e4c2a380a611fc0
- SHA512
  
  7f5545021dac362c111d315d4e3b049674d6fc3c8a198330eb35fd562ba6c4c888d4ac16341b10c3b3caa47187759b48ba2cdc12dbda2e1b5f702f3bf2c48a17
- SSDEEP
  
  768:Jqj9py4zLWgQgkai1q2esuB+SgvHQ3tSOPz114I8nV213trFi+0IgTagDgrg71gd:+pySnFkaAvHUtS+D4I8V21CTTEM76V3
Score

1^/10
behavioral28 behavioral29
- Target
  
  help_de.htm
- Size
  
  60KB
- MD5
  
  be9c03c0d46795b87dea0f7555274b4c
- SHA1
  
  51ed992061218f7cfebdd1a73412db4bf733634b
- SHA256
  
  407eaf294879c0423363f5220aceaa31078306035324254d4eb667f0331b4cb6
- SHA512
  
  f809287a14f9a5eec9de0b48af9c4629aa9fe4ef27b951fc82de721d0050750db63adf132cad69e7d9d6dab4f52907f506b9f1bb402da7ddf0394b9eb23d3604
- SSDEEP
  
  1536:28JNMFKvYrpZc3webMrWbesDyKjhCDwE4g:2WNEKweUsDywCT/
Score

1^/10
behavioral30 behavioral31
- Target
  
  help_es.htm
- Size
  
  62KB
- MD5
  
  06411e592d988047a3872a74bda464e3
- SHA1
  
  d9d1123bfbbcc127b5838ea0d8fa92972d80b589
- SHA256
  
  97d4b09d02418af47892328bd918a16184ce28de88594d37881aee2ccb3d0c79
- SHA512
  
  3d86c5265c193689f56104a574da1eef796d9c645b45d5274971bc2b72af917309a09ad1d0645b4e8a5d0cb2ac894ef10da66ee8d879de10d4386324d6673e36
- SSDEEP
  
  768:as290X/lZFG5705HqYR53KN6dxvwDXk+SSEfntE2ycpSQRar0/:amP4uBpKN6d1l+E/t3HSoa4
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32