General

  • Target

    e15e150aecbdac58bf9a81fb23c6f22e4a07c4541064fdbfdcff5c9b6d28ba20.bin

  • Size

    2.2MB

  • Sample

    230826-1zgzjafe21

  • MD5

    8367c4c697115e6de5779785299fde57

  • SHA1

    f453b72a6ba3e8dbfd747dbccd7980f13204f062

  • SHA256

    e15e150aecbdac58bf9a81fb23c6f22e4a07c4541064fdbfdcff5c9b6d28ba20

  • SHA512

    a7c31b94aa5b6539c76ed7bb094f235f97324666f13ff8f59b2b89aae061856a37f1f7b5e2d322a348d7a41fc13f4bcab2ef3cbbd140320ffd6d64cc86bfaca0

  • SSDEEP

    49152:X5On6l+9IMZ/aY4toyk7LIzVjEeQ3PlHJXTuNM4fhO73rMYUIZimnpuxdRv0wc17:X5GxaxtogzVjEeQ39HJXTuNM4fh03rfr

Malware Config

Extracted

Family

alienbot

C2

http://girisapi6581.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi6581.pw

Targets

    • Target

      e15e150aecbdac58bf9a81fb23c6f22e4a07c4541064fdbfdcff5c9b6d28ba20.bin

    • Size

      2.2MB

    • MD5

      8367c4c697115e6de5779785299fde57

    • SHA1

      f453b72a6ba3e8dbfd747dbccd7980f13204f062

    • SHA256

      e15e150aecbdac58bf9a81fb23c6f22e4a07c4541064fdbfdcff5c9b6d28ba20

    • SHA512

      a7c31b94aa5b6539c76ed7bb094f235f97324666f13ff8f59b2b89aae061856a37f1f7b5e2d322a348d7a41fc13f4bcab2ef3cbbd140320ffd6d64cc86bfaca0

    • SSDEEP

      49152:X5On6l+9IMZ/aY4toyk7LIzVjEeQ3PlHJXTuNM4fhO73rMYUIZimnpuxdRv0wc17:X5GxaxtogzVjEeQ39HJXTuNM4fh03rfr

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Target

      closebutton.html

    • Size

      981B

    • MD5

      c8efa039f4f84b2705a8e3a3b31da61c

    • SHA1

      669749429feda1599c4ee980cfd67fbb1a54c1a4

    • SHA256

      494693c2ac56ecac1a2588c25631e1bf71211fb0f06108649a983c879315b1aa

    • SHA512

      db6c9817469c937a41eedbbbdaeb21a0860fa5228258978fe59d29c75ab1497b8d1a0ceaae2b236206d6935e186deaf0d83a73791658fa68a985dfc5c314aed2

    Score
    1/10
    • Target

      core_wrapper.js

    • Size

      5KB

    • MD5

      2558e92bdb03c3e4685d4320a7cbe715

    • SHA1

      9feff7ec75024ba6d9753ea233ffbe0b7bc04bf7

    • SHA256

      99a17d18531953e748103eb021738a42eb9fe675532a4d42441d3bc34e048bc8

    • SHA512

      83409561241255be24558f6b238f1687ea7f703d6950a8ad54ff4c50aa9c62af490b74e9b60379ff074b92942bf4752a653a19c4da2b554ac59ecfa0f5fad9f3

    • SSDEEP

      96:MIn5NKjaILnYJX+myXjfaw17BLyHjLAHIIJUU/AUYYg8InG+d:N5NKjDrYJX+my7aw17UHjLAHIIJUUAW8

    Score
    1/10
    • Target

      lynx_core.js

    • Size

      179KB

    • MD5

      e7cfc2c0ca21ac6ed87869dbaf29afda

    • SHA1

      b4db4af75b92b08408c8f0b9d9ac5ddd32d80b1d

    • SHA256

      015c037a7efc9b28b6a55c6b1c18c1b71fed16e3ee1e630dd45906864ad709ec

    • SHA512

      a51e1247a451d0f12872455d2425771a7ba335c79630ccb7e423c4cdbfb48be7b6402c7283602c812930d46f562999edef809e5215516c5f4e89bf3037d2455f

    • SSDEEP

      1536:te01PJrNd3xF5KPIL0B/8kX9RHytxM9+Wn3Ocm3RzC4+KmbDEyJ7NRIY36Sq+HzM:3RJrZztUKC4+HIfSqL414T

    Score
    1/10
    • Target

      nd

    • Size

      6KB

    • MD5

      f6c6587ac2127318e57df26f29f9d92e

    • SHA1

      b68b68ee5b2aa52d0e93a795ee83d0084eb3b4f1

    • SHA256

      5a2c00182af9b6062876f1ebf9076a4f53bd78da5d59bcc8a9e51ffc0eb93a59

    • SHA512

      3465e098e7c9f00873375c156d97417c6ae0328fbaab33796e498edf05f6b917cb2de31eea6a9b2b76c0c4798aca0aadb6b211e5c06563d637ce5220b3e30700

    • SSDEEP

      96:BxEnFiv6dMo0mqOoLR9ooXo7GUGcbhWVevATWJ4:YnFi6eo0mqOovooXo7G2bhB8v

    Score
    1/10
    • Target

      slardar_bridge.js

    • Size

      3KB

    • MD5

      cc0a24c68fce308319dbb627a0836a35

    • SHA1

      a19813e37b11803b940d9cc636aa9fa6510e42de

    • SHA256

      751c84bc61085dd3baecfe3a51dd3d2f175ca3c5bd61f0c6bdac0817120a4e79

    • SHA512

      576f30fca86a1bae7f4fd401c893685472395c39beef7cd0a5b1fe2010d594b77541187e6bf94e50cb477e4c8761af1fd557ddb0a61d2890436d1b7b79e10181

    Score
    1/10
    • Target

      slardar_sdk.js

    • Size

      51KB

    • MD5

      adc5dbfdfc9c87ce72f6f73f1809fd7b

    • SHA1

      3b4233e9e367096cca64ba489172329af9887c4c

    • SHA256

      5ca3eec94dec06c18431512cbcdcf3d920ce25cbc2774b498f8a1f41d1216027

    • SHA512

      55e0a7f94f9e7816722b4cfa91f395bf5e418274f0a06b696dbd237f95e45e6da271fd10df21981548dec0fe008c23850eeeeace7752aad2a528dff740c1526b

    • SSDEEP

      768:x8Z9bbDO4P6/JkK3eqB/jYYzVpKmeu8E3B/6d0:xOW/mK3/jY2

    Score
    1/10
    • Target

      template.js

    • Size

      131KB

    • MD5

      dc81f87fea004f156041a43a941d1283

    • SHA1

      f9877561bcf371421a8672453f5f492a4595813d

    • SHA256

      54f4fdc9885db4ad3e66e623b5e79e2f9ca0b842cb8facd3c38e108cee1cc6d6

    • SHA512

      efe4c1bcd913ab08307032f75f7f03db48fa2b4ee0a18c33cd2463cf0a49d81f9d766c0d628fe170e94e43fef3d488a6a3fb1309b78bc40b0c2ee3aac24febcb

    • SSDEEP

      3072:NUhk+e1Iif77WeCtQC13g/gpMmlOFsy4rU1vxC/u:keCtQC6/ywFB4KE/u

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks