alienbot | 43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48 | Triage

Resubmissions

09-10-2023 22:34

231009-2hkvjaah72 10

09-10-2023 22:08

231009-12p3xsag76 10

Sharing

General

Target

43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48.bin
Size

4.3MB
Sample

231009-12p3xsag76
MD5

5821d41b75a741cbf411f02eba9e85df
SHA1

6cfc9e0fe629d884e23a40247dfd040f47c511eb
SHA256

43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48
SHA512

ba1edb32d7d65bf6ddb7b6da2553e5898167c5bd4671c1e5da0eab7cdf873a1e018450a4a62a3dbc35aa70e9236c63a36b6b8b103474552b89ff726355acfe4f
SSDEEP

98304:P2HJ6clSJ5WC2SX/Kpym5SBzvq/h/P9/GKJRyHjVmMkfbh1mMXyZYv+Afez8E:+pFZ1cm5SuTexZk91DgYWp

Score

10^/10

alienbot android banker evasion infostealer linux stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://wf4sctx9cksg94528o7o.xyz

Targets

- Target
  
  43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48.bin
- Size
  
  4.3MB
- MD5
  
  5821d41b75a741cbf411f02eba9e85df
- SHA1
  
  6cfc9e0fe629d884e23a40247dfd040f47c511eb
- SHA256
  
  43f7de64b8026fa16a4e0b74a9a3d1c879db3098c9780ac202fc2113a5577c48
- SHA512
  
  ba1edb32d7d65bf6ddb7b6da2553e5898167c5bd4671c1e5da0eab7cdf873a1e018450a4a62a3dbc35aa70e9236c63a36b6b8b103474552b89ff726355acfe4f
- SSDEEP
  
  98304:P2HJ6clSJ5WC2SX/Kpym5SBzvq/h/P9/GKJRyHjVmMkfbh1mMXyZYv+Afez8E:+pFZ1cm5SuTexZk91DgYWp
Score

10^/10

alienbot banker evasion infostealer stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2
- Target
  
  alert.js
- Size
  
  3KB
- MD5
  
  d6c567e033380eb2d2a0f14df4441568
- SHA1
  
  1aa7d3021c4995be84f770e7e3ac78883832e2a0
- SHA256
  
  1d1e2f6a1c58b4ab02e36ad832619889011212633d97e6f989a144b06bf6250e
- SHA512
  
  4960d56590e9f55fe4c7b32aa530663a41fcb489f976eadac4e3ce6075a0ca728c8c607206e61ca144f36f51edf84a588fc87c330ca2e41480caf7aefa43553e
Score

1^/10
behavioral3 behavioral4
- Target
  
  app.js
- Size
  
  3KB
- MD5
  
  0026d35eff447c5c7aaf2c88a8b7dcd2
- SHA1
  
  e0d74c400d947ec9b24bc4a6cbf3abf4758b87f5
- SHA256
  
  8f7a9b08c2638589e7ad2259b0dee725adf425c629234f1288b1fe946b51c125
- SHA512
  
  ab859b1c9735bd6f4f46501619a5d3b80b96086b299b3e8dab0f1edbe0d80d6254fc31bf43c2fbec545afdc39e9df0b739f6589b5e71424c5d282e61500e6de9
Score

1^/10
behavioral5 behavioral6
- Target
  
  banner.js
- Size
  
  392B
- MD5
  
  0678eac0014e41f173288a8247cfeace
- SHA1
  
  a0642bec3921abab176f2b69fb2f7f4c312ad555
- SHA256
  
  4884deb1eff9f9243cccce776cf52f96f676f994cd61600dd57bd627af618188
- SHA512
  
  f8927bad870b56446eeb696471fb155991a34667af769f026d022934410a72561a5580771e7999daced14658c17d3af5753f2a5de17fd51bdd787a6a4dcd5b86
Score

1^/10
behavioral7 behavioral8
- Target
  
  build-plugins.js
- Size
  
  2KB
- MD5
  
  4d95e21ba11b3da66135970ab765935b
- SHA1
  
  ec7dffe91fb0a3c77be69bb92c5170b98cc52983
- SHA256
  
  007416087b91ce181a81cc12edb63e096158f5763eddfabb05395397e1133689
- SHA512
  
  fa95d06d72f1a9d88f64c15a6297debad5d376c41671cc67fe5132ec37d87e7f96e959a3a4e0f78aaa3ae928e45a28a2d097ada4ef53f5c8fcc356704d7e826c
Score

1^/10
behavioral10 behavioral9
- Target
  
  button.js
- Size
  
  6KB
- MD5
  
  af9230c7495336fc8f5bd24375828fe1
- SHA1
  
  1906ed00c51642c0cf6abf01129c95b9cc3d44a8
- SHA256
  
  2bfea0f926933574818c3d0bfb16dd1907411904c145edf8cdd699b8f226a919
- SHA512
  
  aa77ddce359722a9b7989bfb33e5faa3d5391d99f9a099f974504d56b8d390736c25fe7a0c44edcc12c3c25ef885fc1d8bcb270c13aa93e2fb515dfa305418fb
- SSDEEP
  
  96:5akGk0DuBst6imOiwiB/CqTZDnAjCvNghrWJdRG1mRp7jJhYyR3jwm:hGk0DVbB5ZqTZDnAjMChqFG1mp7jzJjN
Score

1^/10
behavioral11 behavioral12
- Target
  
  change-version.js
- Size
  
  2KB
- MD5
  
  8a489ce2332aea70c749510061b2ce55
- SHA1
  
  a22d70c36de8d19f228472f1e0fba4dbd0d66edd
- SHA256
  
  4fb256992f67a5ea2f3a6cf8c88e9fd9bf3062f6d6ac6c5be4d84ddac8ae2eb3
- SHA512
  
  0d7a72e5bd089db8ec14a66ca3908805d8c883d390feb60c222cfce90fb5b1096ff3af9ea2b7c113e0c4ec572a3f34b3aa0a01d69fa9caa2764c4821c58b0c8f
Score

1^/10
behavioral13 behavioral14 behavioral15 behavioral16
- Target
  
  consentform.html
- Size
  
  26KB
- MD5
  
  e10170e84435bd7cdaa9230bb1a4f3ef
- SHA1
  
  74e79735e6b898a9c34adb31d95f033087e12321
- SHA256
  
  e84d4254ad60362e46a7f2ee254c30d013599da2e5bb0d12eecfed301c1a71ae
- SHA512
  
  acaf06a1f25729596d24490afecfcfc37d1d4b0c0a0e28b3afce0fe93ec1779fbbd34fadfaa91397cd31cfb19ea382282844b2c7fa0ff6b847b48fba5a9a571d
- SSDEEP
  
  768:sEORdK0hTkVaqN1b6cY4c5yC28c54NTc5Jt:sEORdK+/cY4c5xc5wc57
Score

1^/10
behavioral17 behavioral18
- Target
  
  cue.lua
- Size
  
  4KB
- MD5
  
  d8e7977907b49d0f23fb7793805ed877
- SHA1
  
  ac388f13e6b10d2c7dda3f969c94a6bc37a70d70
- SHA256
  
  015d141017787feb494915467dd7c2698a841a171b54fef63b4e81aedf72a863
- SHA512
  
  f529d0897d2810d0b0d1fb8cefdab3ad1030e89202adffac9a6d776e4fbef3d99c22de3b039a4d8b128c92647dddfb84f5c6411a06b0aca80f2833fb950e08b8
- SSDEEP
  
  96:BENrn4svlU/As+tFYfFxka/rqIo5GkDutn:+RnjlU/jQF4Ga/mIoGkDutn
Score

1^/10
behavioral19 behavioral20
- Target
  
  exec.js
- Size
  
  10KB
- MD5
  
  3733637df222e1fb58c705074748ae6f
- SHA1
  
  9c9f6ae039f35defba52ef64b4f7f33f6b8a541f
- SHA256
  
  14903bd51eb4dbeba82c05e6c8e0f9eeb2b24edd5a5a2d800111838c12030d4c
- SHA512
  
  c9349cc4cdbb87df7a4f2fc9b14f2ab2fdccac21efe70e214eb8deffd1376c411ea339a0e482f12771276aa1d9c70acfc34bd3dfd80d4af009f03b6e48262eb8
- SSDEEP
  
  192:z7NdHpqQ7TnJlK/bz7j4zfltsrUQDlF+VOiwafPbY50AkYliQZQ:XNPqQ76gr8YS6DKQ
Score

1^/10
behavioral21 behavioral22
- Target
  
  flaticon.html
- Size
  
  24KB
- MD5
  
  28986f591783838f9dfc92bb7084d7d1
- SHA1
  
  48998dacad95af1b7e16bcdfb6ee065ada7e5d2b
- SHA256
  
  89b0686fef5af6b3ffcccf4b211f50ccd8e8d68d8a563fc9870d3cf0e5663945
- SHA512
  
  68b8c0a361812f365ce3f6b42520208a1ff24a8d59635c51b1f12c9724883f2ca476d840970f6ef02bd7f86f8ab0e26c152585c2eee7639c4abbb9b0730fa04e
- SSDEEP
  
  384:Ny3RxaFm91p2MGO3PR46UQgznTo9OPgnabpjkZIfIL3vyvp1HXonhPJV8D1tMYlZ:Ny3R0Fm95GOfR1uM06GlG2
Score

1^/10
behavioral23 behavioral24
- Target
  
  generate-sri.js
- Size
  
  1KB
- MD5
  
  37b1b0bdb43eeff4db56fb5d71d17ec2
- SHA1
  
  88e90b79082787d958333006496c5cd590522024
- SHA256
  
  809e4664526a9ef393412df19c6c1a093f63d1ba3de8c0fbf32e5133aa24c5a4
- SHA512
  
  b979942c6bb4699e7bd45b0fb18d5d1f8c6149a0308ae56c7cd469fb9811e365208c13374a8767cd8c3ab7b6153f2c85d2be003707e1ee91fb65e694b6be1147
Score

1^/10
behavioral25 behavioral26 behavioral27 behavioral28
- Target
  
  howtouse.html
- Size
  
  3KB
- MD5
  
  86805cb74330bdade0fd1514b786f3fe
- SHA1
  
  026956ef40c0b13b02d04b62dde855cdcf8320c8
- SHA256
  
  b52df83dd6bc09432285fb4d7eba48e00fcb70514a10265369de0d4e082fd1ac
- SHA512
  
  53c2f9fb2a62bdffa43947bd6c40d1ee611fdba4f31ed206f9016eb1c22181644d71fe5a71cc6334f6cc2f6b41746dd2f663e0e9d5e6835f5ea5a0aaee70bf84
Score

1^/10
behavioral29 behavioral30
- Target
  
  index.html
- Size
  
  6KB
- MD5
  
  632f5c8db0e3e45aefe3efb1be66c2be
- SHA1
  
  d315a8af3da5760e05fa953b81c68ee2ad43e574
- SHA256
  
  2cf0d62d66de6433c28885c2fc9891be97c8d447b75624336452d0f2c1caef17
- SHA512
  
  87b200ba5da65a188e7f6364eadd4346486d196d806538f901eb7665392d8d0a171965f08d80a853e9d04c1d1b13c91010f660c45204f3abd52ee60ef5c1283b
- SSDEEP
  
  96:LbHPSrwSqASLSTSTStsAaodAb4dbtug6maUXLAef5STSTSvSoSGMSTSTSU:Lzarpq2eetLgsRAg6kXkefoee6hGFeeU
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotbankerevasioninfostealerstealthtrojan

behavioral2

alienbotbankerevasioninfostealerstealthtrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32