alienbot | baef3c30e6790572cd2b8f85325279d28aa9c5547ae62ed2d14215fa985a8ded | Triage

Sharing

General

Target

baef3c30e6790572cd2b8f85325279d28aa9c5547ae62ed2d14215fa985a8ded.bin
Size

2.8MB
Sample

230907-zflb6sea67
MD5

3de95c460ac3a94c42d8b24837ba90c3
SHA1

31fa866184468d24760a25db57fec72ca71a9618
SHA256

baef3c30e6790572cd2b8f85325279d28aa9c5547ae62ed2d14215fa985a8ded
SHA512

41381d60c9cfbdda55eee351cb2b5d835f27964fee53893fdc77b7e80b3616dc171efe2d2fa86dddd9789bc37bd4d937c394c4d09bfa08e2d5fa208e3367c7b7
SSDEEP

49152:CfBFCzfQ5Jo2+8KZmsuvgFR5/FFTF+0wupmPH3Fg7ku0HP4JV0MulHQEutc7Y:s00zKZmLvgbhZouY3a7k7vQuMu9QEutv

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://uniquebbs.asia

Targets

- Target
  
  baef3c30e6790572cd2b8f85325279d28aa9c5547ae62ed2d14215fa985a8ded.bin
- Size
  
  2.8MB
- MD5
  
  3de95c460ac3a94c42d8b24837ba90c3
- SHA1
  
  31fa866184468d24760a25db57fec72ca71a9618
- SHA256
  
  baef3c30e6790572cd2b8f85325279d28aa9c5547ae62ed2d14215fa985a8ded
- SHA512
  
  41381d60c9cfbdda55eee351cb2b5d835f27964fee53893fdc77b7e80b3616dc171efe2d2fa86dddd9789bc37bd4d937c394c4d09bfa08e2d5fa208e3367c7b7
- SSDEEP
  
  49152:CfBFCzfQ5Jo2+8KZmsuvgFR5/FFTF+0wupmPH3Fg7ku0HP4JV0MulHQEutc7Y:s00zKZmLvgbhZouY3a7k7vQuMu9QEutv
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  AboutCompat.jsm
- Size
  
  1KB
- MD5
  
  498ac73da52acd5dc0a4d83f5da872a0
- SHA1
  
  cc103f09e977a5b5101f0bafd4cec3cf017288e4
- SHA256
  
  760cc37081c1474affc070abb41f6e2010fdd39fc953bd3469452023f5038539
- SHA512
  
  786750f7742aba30c917efbc58637ce3c067a2bd6d76b24fe9e92235ce317a498c7ca024b82ccf9aaf95ea266c2c12fa713906105b9b38a20bcfe4d9b8fd93db
Score

1^/10
behavioral4 behavioral5
- Target
  
  PinDialog.html
- Size
  
  23KB
- MD5
  
  45937ac174e568f5c3eb424f70be1137
- SHA1
  
  13293d7a58049b53b66ffba2ec6d7dfcb80d4924
- SHA256
  
  59c9720b29b2ad9982e5efe6f3897888f74aed7f4fe750ddb28920919cf60516
- SHA512
  
  30268d3bb5df8374509d0858c613161dcf245bf702e0d3344049e91a91c41d38a1fc763f1cf6e534c0fe1cc7b20248ee72f0d6d6d5b98f3fe40f6966c69c157a
- SSDEEP
  
  384:7xwlSA1lBaD+GD0C/DimrBVUg6eojeSKwtw6n1vdGnC561kt0AlTC1z:lwlDza+S0Uimr7Ug6eo8fqs
Score

1^/10
behavioral6 behavioral7
- Target
  
  StatusInfo.html
- Size
  
  6KB
- MD5
  
  f424a9c6ad3eef1f0d5ebea26603b292
- SHA1
  
  2b668919cf3fea4ed650fa4956622ccd44734f46
- SHA256
  
  a0be5ec1b2e223d5ab54ca1db2ec56ccc5940564792410179682ca416b26d849
- SHA512
  
  96b6e97f834df81a4e0837eb4c2c4a88d6ff871899e7567ba188a1b731f4b554670c17121e5212de802f2ae04692635e621ee8a4c12efaafb79cf90ba2cf63b6
- SSDEEP
  
  192:cNjCjAYLhO/jXuXkZyjLFoFeforFowe3CDC4u4ZVnfPyDSBnYe:Z0yI+pLFoFTFZDFnf6MJ
Score

1^/10
behavioral8 behavioral9
- Target
  
  WebviewSocket.html
- Size
  
  2KB
- MD5
  
  ef18176b47b78e486710b4d0ae2f9045
- SHA1
  
  549e80f4ba753e07d04be637e68d9d96c80600b0
- SHA256
  
  0d72bd1dc4a245d101450bfbbfa55ddb3ed9f7eb232943d735ba2307f03ec7c3
- SHA512
  
  fd814cd852e503228874b2e4678e53696f4b12a7a006d907afa5115b8188d6de280576153b356bc80e3770f104c0116c59ae13f095a5d499ecb1bb8ce066cba7
Score

1^/10
behavioral10 behavioral11
- Target
  
  aboutCompat.html
- Size
  
  1KB
- MD5
  
  2831c5dc407fefdabdb3478b55a2d7ba
- SHA1
  
  c88cf99a2f32f3f7fd13ac8d40cf0e12f8c7b9cf
- SHA256
  
  40c0dd13a36b8b81a67b5033a68334d28a447344799038121fe89509b808071a
- SHA512
  
  db4bc68fdb64442397ab3a37972bb4204f2107839f69d1b3f1302c08980c2a60f2e52c0925339432d07e9c9229898ad49b4d9e431621d48f6291ca3c0ff13823
Score

1^/10
behavioral12 behavioral13
- Target
  
  aboutCompat.js
- Size
  
  4KB
- MD5
  
  216688e14d25a9b78e08ab2bf45fdc47
- SHA1
  
  2860680327683731ec84ef46a69f864d7e69c000
- SHA256
  
  d8cfe2690f9a34fba92fb11042e2ca2a29c008ea149a24814f07c2d7a066a499
- SHA512
  
  14ad53a4e0b769450f611ed510c8b6235a2caee9cd21dd76ccf2571cc5acde8d90688ea82aec8395804055b2423a0b29b1dd605153dcace1ec8029e4a42b8d3e
- SSDEEP
  
  96:Az8kpQIOiFGUc9aemIy28asxF5IrX9m5Cfgjp1Gb5w5gsIIss:Az8cQiGjaemIP8asxFo9moIj7OlDs
Score

1^/10
behavioral14 behavioral15
- Target
  
  aboutPage.js
- Size
  
  1KB
- MD5
  
  415c0b737da0f5021f0a740fe7d5f094
- SHA1
  
  d79610b71dd27bb3d6e4c9d4aa288cc167abe226
- SHA256
  
  87c3b8f16ca07bf713f08ec9c7c70745bf85e67cc2d93bdeb01e624b9dabe88e
- SHA512
  
  f8c59a5db75a63979a7c2fc63301a59f36b8451d5a329756ec0fe6ebf3265714d64b3d85afaa5af03712613802fabbec23df6665722af95e92f4b059e09cf1b6
Score

1^/10
behavioral16 behavioral17
- Target
  
  aboutPageProcessScript.js
- Size
  
  974B
- MD5
  
  5d639848905732aa096b3692e454abea
- SHA1
  
  189956611638e80eb1d8c9d2ddca80be4221d024
- SHA256
  
  8bb9029e0978f4de804fec6b6f7fdc89b98dd80866df48d5584403d594c09798
- SHA512
  
  2fbc97d84327f49f6b3256434633968ec89750ea1362181763a21f4ab5cdd4e18841b78fd6baa249f7f29f37ab503e7d511005c9462966f19e5eca68fb5b95c0
Score

1^/10
behavioral18 behavioral19
- Target
  
  about_compat_broker.js
- Size
  
  3KB
- MD5
  
  a0bebec877a422ba5fa63a45fa7941f2
- SHA1
  
  aad9897389fcdd18f93061c6a5793d3f0dea45ca
- SHA256
  
  0ed09a1b872840971bc025fdc3690e305d2fc7aef805b6c0d7b456ce61031da7
- SHA512
  
  79868f5c520e6c24f037da28ffee1b351098881ce3338ae79dc57297b2aa07f0fa8c62b1b4d62b09575e6ac5eafe5e3b01cc30621b241c63d2733b54189a2323
Score

1^/10
behavioral20 behavioral21
- Target
  
  ads.js
- Size
  
  1KB
- MD5
  
  23c59c0123eda0ea6f6f39d8e01e594d
- SHA1
  
  afe2e4b20b120d42d04f02aa251da9b2d3845383
- SHA256
  
  d5b9f38bf047a03478d4afeb3b673c00f061c2999d0e8b59eb763c7800efbf6b
- SHA512
  
  0a3230585bb60bf7f36271ef912308512699d2228363cc5d905a0c76378a1d260f3be6d29b98b6411a85badaa99659c16e89794125ad3ad5dcb4062837a8bf42
Score

1^/10
behavioral22 behavioral23
- Target
  
  adsafeprotected-ima.js
- Size
  
  2KB
- MD5
  
  8870c03e4d49ab60008d9b26a202c230
- SHA1
  
  cc191c187277444ae78c3685351ee7ec34dad28c
- SHA256
  
  9f7a124c71c252c9812a72abb20f420ee03d5991e2f4bb29f6daf40bb1a585ca
- SHA512
  
  f37da788bb22d8c782b80a71f0274c37c642a235243474167341cfc90c07e84827b9d102f3f1a7cc4cfa5837deaabac687c8ae072195914764334f1ce60059b0
Score

1^/10
behavioral24 behavioral25
- Target
  
  background.js
- Size
  
  29KB
- MD5
  
  4fbca601bb4d0a1405c655fed6d8535b
- SHA1
  
  a8700ea02d3926aad66102c0799d0a4e1b3bed6b
- SHA256
  
  61d2dc3b8d7e67c3790d8c58af811611f92f6d013e63a8e65d570f9ed6438053
- SHA512
  
  c0eb7a04d0140f270e38b0a3fb9056624a812f4f2038f81cb3eb37af58742fc3d86e28fbdaf581f5333b7fa9b55e516b8c85224175b9bf4fda6b62c7d122ec3c
- SSDEEP
  
  384:/I4AtS/HxHyk4mJhaW7i/7oFOtCZP9j1tUN8sq9AdXQZ4:/IcHxUgeCZP9j1tO8sq6XQa
Score

1^/10
behavioral26 behavioral27
- Target
  
  bmauth.js
- Size
  
  530B
- MD5
  
  ede18146b1d052a3e069c61143f82624
- SHA1
  
  43cd4799a797fdc85a807c4c50255af7eafc177a
- SHA256
  
  2d3a3d2be96ce36e2014231356b90d2d5415b19dd580ea63ec787516ebb76777
- SHA512
  
  20845d059437ec7c14ada83874a7706f747d448cad28ca61d4b1fd975f0887af76290f28f9ecc4e9b635cb9bf776d6fccdc389b2a3c117f419e85e74ad1eab1f
Score

1^/10
behavioral28 behavioral29
- Target
  
  bootstrap.js
- Size
  
  252B
- MD5
  
  a24f5082725c5e2796e6f2c2f504121a
- SHA1
  
  4d2c237d3ce88d95cdd48ba5fa606db5197f3008
- SHA256
  
  59c29b274cd02bcf78f0c2736cc4d309ff34ee31061fb063f24ec2b960b1d1a3
- SHA512
  
  935597a1d9ecf00fc8a528855490a2d76b48bf95cf769850ac8268e0c7b50b18e14efca6dcf1f839dc5ae86355caf3fda87dfa22799d3e7e49a3037727cf2c68
Score

1^/10
behavioral30 behavioral31
- Target
  
  codemirror-5.31.0.xml.min.js
- Size
  
  5KB
- MD5
  
  67c9f5409fa4e098c3bbd79a0788efc0
- SHA1
  
  c47b9f1a7d9038352047376daa19aea0d8496761
- SHA256
  
  35ed7e6bfba9c23f4dbc51f2bd9fe3d21610c293afb46c0093c06a3acc1fe10a
- SHA512
  
  9d196171a51fb29fac161fa20706d00ece5ff57d1422af14a1ae37f8d7a19c5c7947c4c9e8e89b379a3d864825b3576fcab2aa30ac397999abc62a4b727da9e1
- SSDEEP
  
  96:UDvccCiS6/LaKjh9ptpwX/Mr+NbQAcXg9No4ZgMSZv9614brPgAf:LiS6/Vh9ukr+JcQsf9RrPgAf
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32