General

  • Target

    636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53.bin

  • Size

    2.4MB

  • Sample

    231009-1w2jrsgf61

  • MD5

    eed58d8862fd0b8ff3c297ea02a03f70

  • SHA1

    5cee6a82eb3e4b44afddac228d8ea99a707dde95

  • SHA256

    636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53

  • SHA512

    e9ba99cf3c72ce598d390a288b9dfe0c8a9ad75cd88d5a18fe3bda52ed1166ea5e6c611db958420e6405021106fe016d619a6ce6bf318d474f5104e4bb0fb576

  • SSDEEP

    49152:IC17Qkq1/GgY1mevw/I6lz2XNEKvrl6GGViojEe8ZqSbc+tk3X0ghbbTWQrgSoWI:N1HCqIwXNEKxGo0EFqSgeWkw/WQrgs7U

Malware Config

Extracted

Family

alienbot

C2

http://girisapi6117.pw

rc4.plain

Extracted

Family

alienbot

C2

http://girisapi6117.pw

Targets

    • Target

      636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53.bin

    • Size

      2.4MB

    • MD5

      eed58d8862fd0b8ff3c297ea02a03f70

    • SHA1

      5cee6a82eb3e4b44afddac228d8ea99a707dde95

    • SHA256

      636f6e438f0747a117995a9c6bf15c95fd2f4ba367f5cf5430c6524e615eed53

    • SHA512

      e9ba99cf3c72ce598d390a288b9dfe0c8a9ad75cd88d5a18fe3bda52ed1166ea5e6c611db958420e6405021106fe016d619a6ce6bf318d474f5104e4bb0fb576

    • SSDEEP

      49152:IC17Qkq1/GgY1mevw/I6lz2XNEKvrl6GGViojEe8ZqSbc+tk3X0ghbbTWQrgSoWI:N1HCqIwXNEKxGo0EFqSgeWkw/WQrgs7U

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that has been rented to threat actors since 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Target

      1bf84a89-28f7574e191c74305c0e.js

    • Size

      251KB

    • MD5

      696c8ffbfce27c9277b9b6869b313612

    • SHA1

      d8d0c7648b951d972feb525363f38ecd13decc96

    • SHA256

      36e13034ee44819389eb7bbb323e2a03be2487f092eb42fcff1989ec234c58f1

    • SHA512

      f645a60fd9e951dc55ecfcb4e6ebab6b5beb54e3785b41c375338ad1d322ce593d78ccdde1ed46fe8f805a1516abf847c87162f5d1f48e90aefc05ebbdf6debc

    • SSDEEP

      3072:fC20znFnQVB2xNge6S6MjPiwjIhQkNLQs/RZ0:fC2InFno2xNgeVXEN0u0

    • Score

      1/10

    • Target

      ad.html

    • Size

      15KB

    • MD5

      52c368fc009579446f8dc67daf8dca87

    • SHA1

      fc52b078a9a02847efbf85d10f41b961c85fa459

    • SHA256

      9b6cfb0e52c7f7dc99d5f5b7e2a6142fa3ad82d1333f42877eed3d29b0561579

    • SHA512

      c80bcefe98c2eab09d4a831e788cd50563c62333d4c8aa81046df2acc9888c5a87da45546c1ee7d40bc7a9d7148075e3029e09e4b086406f6143a589111d1cb8

    • SSDEEP

      192:xMejgzfCtmdyPfojYA5D5zniVkG4zhxm45IqTbTD5qRSwpcPt6FLYFieRO6shWUh:flqiO5RrD5qBpWt6FAieRahW6X

    • Score

      1/10

    • Target

      aps-mraid.js

    • Size

      10KB

    • MD5

      7eb2e0ad4328a0c303ba8a0a77fbbcee

    • SHA1

      fba9f141cd195378cbb266228b2c3abe6f1a2319

    • SHA256

      5786e5ec3a9425ea2297eccf7b5629491a7c58bdd5877f5a0edadac073ed532d

    • SHA512

      7cbebf9395e4ee3624c3ab84948d98a9b6592946221409681e3ade83f1f2831d0213ba20052f98e71230b9ef7e072e6b0b816534b777bfb512053100bbd0098c

    • SSDEEP

      192:RiCYiIp5RsHMSP2io9SyKMnbCXnBtdyvgVHGlzjTSWiwvi/:RJ6VsHVP2io2MnUjyvgVkzP3i3

    • Score

      1/10

    • Target

      assign_labels_local.html

    • Size

      1KB

    • MD5

      b152537ba127d8460bb68e6c654440b1

    • SHA1

      ce3cc1561c9791352d6483b814eea034f3744625

    • SHA256

      2d019088a023dc89232b03863c4a587ef10b9a7d70859db05b6faa754f366c2b

    • SHA512

      d31c69b08d80b740f010e0e911e2abf851f897d4068d99cf5a3e9ec05adff8b47db880996f7ee9a7bb00f37468bb133c2367207069d54baf54872573985a960a

    • Score

      1/10

    • Target

      blood_glucose_entry_local.html

    • Size

      1KB

    • MD5

      3189fa9ee5e017a8594ea3bfd6b979c9

    • SHA1

      36abf30ffc1fa35bafe1151234e3a9196320452c

    • SHA256

      b34900c40fe1d76a24c116b4c2c1dff4b983a3ca6c355c1d3c94c7a088f7f2f3

    • SHA512

      2a0ec7f8d35f40cdb7120b70d74064ce4272fc75499d5fe74fd839e25b4d9bc979a826c69311b49fe2b3647355bfd86d583e879637645e58d4c11c1d3c848119

    • Score

      1/10

    • Target

      blood_glucose_local.html

    • Size

      1KB

    • MD5

      bf57710afa315efd25ec6a7a691880ab

    • SHA1

      0143d6261505b4e19173d67cac2727e82b5bfe3e

    • SHA256

      6b7fdea002cd0b8ed8b38fcc500987c39c679a27a84aef2faf58c2e0772498ba

    • SHA512

      fc2808557caed6ada3a82529ca756fb94ee88931de032cd314f01fa675a450719f02c7ade9feb2a0af8a64a3b2dc537cd1cc33e226173424f081a441315706c4

    • Score

      1/10

    • Target

      blood_pressure_entry_local.html

    • Size

      2KB

    • MD5

      1cdeabe6877fd1045588c42a174a7e01

    • SHA1

      376b5eec8b187c05c562e65dea56622501840f77

    • SHA256

      2f1b3beb96e982fc3a873335c5117682f212f870d5fc4ee6e0e9c2f9e861f2db

    • SHA512

      b3ff351f1ab2a406f8f1b01d6f8ce58052f5edc5307d84c331febe2c972fa3354ecaae2da9f97e278666692ff56a80d020d49c587b184307557b8adfcff234be

    • Score

      1/10

    • Target

      consentform.html

    • Size

      27KB

    • MD5

      7a2ed1a6df8839dd8936a86d9edccabe

    • SHA1

      7bc1af528444afca678905059cb1ba9fade65352

    • SHA256

      d02fbd55c1b5da3fa1f77c52f5633421395a3bf228457521512b37cdacd65f9c

    • SHA512

      ea0c3e512b37e340f4c0a49196344f1dd5aef38c469ba124605518e913be601a5b6a92a50f00e962bc90041bb80e51480254c7902032d894b7d24be5aec47097

    • SSDEEP

      768:wEh4FOT6bJdK0D7fkvaqF1b6cY4c5rC28c54NTc5Jt:th44GbJdKoncY4c5Wc5wc57

    • Score

      1/10

    • Target

      diabetes_reports_local.html

    • Size

      1KB

    • MD5

      82c943f3825b6c0ad53ea5a928f545bd

    • SHA1

      626e445dfcd1c8fa70a3ee779b6d9f484e36cceb

    • SHA256

      c108fb2c8544a1f2faf5fb450db095df0231cd876aac67e944325bdd74bd3ddd

    • SHA512

      72618f9545d4533e9e0aa6adffecc009928585eb84950ba2b3d3e5610e2ae20259f2b39911bbeaa60230a490e8ced334b0b3fb9501ffebfc930ccd3cc8b27cee

    • Score

      1/10

    • Target

      dpr_report

    • Size

      1KB

    • MD5

      054e373de9f9a37790eaa1769b2ab108

    • SHA1

      6305078cad8cfb75a4c79066c03a742601be7f45

    • SHA256

      f9689be3f17411447ea7ac066654cc65271d5552edc55b186b33797af5e6813a

    • SHA512

      3f7c13292d3ccb5cdfec2892c6e3c2f1746614ffeb71a1b1b07564082bc6377dd655ed315fcd4ab5c67161e242c5ae2a4bff669b7e029a66eae99039c156353e

    • Score

      1/10

    • Target

      dtb-m.js

    • Size

      33KB

    • MD5

      2958b7dce738e82e3f9edac9408f0218

    • SHA1

      1a736dd5a5f87ebab2ba3bbc557a12487eef2df6

    • SHA256

      d6e2d6da7fa58b8d53828b1dac654d57d656fe47fa9898c0aae84cbcf3b8fc61

    • SHA512

      3c7612232f1f8ec8a51745fa3593bae9e8351849bee1de34ff341c33583c7e39a6313ea28260797a97c4c64cad781931f80965ea0fd1c05b772a1d6b00332d8c

    • SSDEEP

      768:cM85TLOVEVU3SGgmAms+SBED+tSklU+EF:c1JO6VU3ZymWBUP

    • Score

      1/10

    • Target

      edit_insulin_local.html

    • Size

      1KB

    • MD5

      bd79c33de563833c2964df05bf71082f

    • SHA1

      5de4fb1397af8410b28696572cb0e7260d266003

    • SHA256

      a5e73c51212b21c1046a77882673f0c2cce8c5851f78ea6dd4924ca7d1ee566f

    • SHA512

      5b3e3be332146401133d43574021c7cd28b52fe6660f5b6877b6db449c0ec208fc7ad3d4661ed4c88f63ee28dd8d8dbd2415bca40c62eb5ee18fa40040a077a6

    • Score

      1/10

    • Target

      edit_labels_local.html

    • Size

      1KB

    • MD5

      d3f96ad2d65e65ddccd0ebc7b31734fd

    • SHA1

      ade1b020eb11ab2ad5935c1ea6e311ecd27756a2

    • SHA256

      2697e2d2abec0dfb176a9f3d0664d8a2df1867e503cc8739ef01c467a6572bb6

    • SHA512

      11e085c5f202053d767a1bede4c32f711f8f77e67f86d3f63d560ebdb9232e2c1feb3ac4a0b525253e4d54a557a346850bb9c4335e2fabc76b8f58c5c9c809ba

    • Score

      1/10

    • Target

      edit_medication_local.html

    • Size

      1KB

    • MD5

      601fbf21cb68f72f9c04f46e8047c31f

    • SHA1

      0ee7e08f3c0c86056bcfb9417cf37a2a62ac922e

    • SHA256

      0bcfdeb14fb71a4bb5e13db233faa1792ac4b18f1c769634cf9791dda4f87db4

    • SHA512

      739922a1171f3ee40cc6cf8b0f8d293962fa376bc02bb3f713976b0815fcc8ec44a2b25e92ec60eaef35dfc50c16331672560c4fc606eaf37d5e664257b5f6da

    • Score

      1/10

    • Target

      edit_tracker_local.html

    • Size

      1KB

    • MD5

      829e307fee543203f205da867683e4d8

    • SHA1

      c93c4c81b6bf30ec3e4fe7c0da4a550ba29e5fd6

    • SHA256

      61a79942092e1d3685ca18930e82cc56697e81e432a185a0298fde79fcfe396b

    • SHA512

      61007e65a212858c355c9cff799fea23cf0032f5cefb31a3a45080463e707e34da0dc14cd51b6a099ebcec9c1b718aa2a749550864c04c2e25f3a7e02f6c6753

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
7/10

behavioral1

alienbot, cerberus, banker, evasion, infostealer, rat, stealth, trojan
Score
10/10

behavioral2

alienbot, cerberus, banker, evasion, infostealer, rat, stealth, trojan
Score
10/10

behavioral3

alienbot, cerberus, banker, evasion, infostealer, rat, stealth, trojan
Score
10/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10