alienbot

Sharing

Copy URL

Twitter E-mail

General

Target

1c7d235a525c32568344edd0a93ca21ee9f8a30a91d7af2bc0aeba0cea1b5a2c.bin
Size

2.7MB
Sample

231018-1wy4msdb54
MD5

b1eff3478423519bde22fbe1cb2cbe25
SHA1

0fc4e8eb2f7f53778175d9c2b3d98d212b65b06a
SHA256

1c7d235a525c32568344edd0a93ca21ee9f8a30a91d7af2bc0aeba0cea1b5a2c
SHA512

9d335b6bbe6902b6082c1f17cf5a0010ace25c6e1e2bc118661bb10ec99dabc45415e8baa9efa2f559c7d236483fd6d8335780a0cec58d059fd1993a21866581
SSDEEP

49152:D9MRHe66OlvLxIQq8YBg9f4dtUgP+21JuFzEj3Lkbeh/I2zW3lgcobx3FWhLN:4e3OVLx3q9BsQDUgX3Kwj3LOexIYW3l9

Score

10^/10

Malware Config

Extracted

Family

alienbot

http://1natetboxs.net

rc4.plain

Extracted

Family

alienbot

http://1natetboxs.net

Targets

- Target
  
  1c7d235a525c32568344edd0a93ca21ee9f8a30a91d7af2bc0aeba0cea1b5a2c.bin
- Size
  
  2.7MB
- MD5
  
  b1eff3478423519bde22fbe1cb2cbe25
- SHA1
  
  0fc4e8eb2f7f53778175d9c2b3d98d212b65b06a
- SHA256
  
  1c7d235a525c32568344edd0a93ca21ee9f8a30a91d7af2bc0aeba0cea1b5a2c
- SHA512
  
  9d335b6bbe6902b6082c1f17cf5a0010ace25c6e1e2bc118661bb10ec99dabc45415e8baa9efa2f559c7d236483fd6d8335780a0cec58d059fd1993a21866581
- SSDEEP
  
  49152:D9MRHe66OlvLxIQq8YBg9f4dtUgP+21JuFzEj3Lkbeh/I2zW3lgcobx3FWhLN:4e3OVLx3q9BsQDUgX3Kwj3LOexIYW3l9
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  chartjs-plugin-zoom.min.js
- Size
  
  8KB
- MD5
  
  6182d3e89efa6e8829db2b95c7fc9619
- SHA1
  
  113b1c86ebfebef505faa5defd3f2f366d50416d
- SHA256
  
  620e92db82fcd34cb3e5ca35349d9dc3ac4518ae0ccfbc5081bf9c158db64d4d
- SHA512
  
  6b58a8102b1c5a879c6ff80cb19017d8a00e9bcf0c941e2eb8d5cd5cc8c021234bff18c8eecfdf2f7892c166e66e971364614d507990184478b77c0a31ab457e
- SSDEEP
  
  192:e+awl8ze/+YruqARRY+j2FtuOSmaZHm1xa4j2MGx++yXVUYD/h:xll8CtTikaVuTjJ5
Score

1^/10
behavioral4 behavioral5
- Target
  
  hammerjs.js
- Size
  
  20KB
- MD5
  
  ba3c8e74eaad26674534502bd676b0e5
- SHA1
  
  64d6dfa0dc3cdaec3cea91fdab00cb2a418e3c3f
- SHA256
  
  6bbdfdd7190ead65a89cae52f7129d13cec4bdaa5f1f8cd180ce75231b3ab4d4
- SHA512
  
  430281a08d88c85eadc65fd434c3096ef7f1e5c5b76caec3bf35a763457f0e27d3cea507b804aef8ea6ed4cc65a4dfd2d3ce182069129733286f068fa2df85eb
- SSDEEP
  
  384:mb5vj+l3jfaksTAAvNWUwLATFqACns+CSHDJDLrp:i5vj+5jfSTtrTFqACs+CSHtDx
Score

1^/10
behavioral6 behavioral7
- Target
  
  jquery-3.4.1.min.js
- Size
  
  86KB
- MD5
  
  220afd743d9e9643852e31a135a9f3ae
- SHA1
  
  88523924351bac0b5d560fe0c5781e2556e7693d
- SHA256
  
  0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
- SHA512
  
  6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d
- SSDEEP
  
  1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
Score

1^/10
behavioral8 behavioral9
- Target
  
  libalog.so
- Size
  
  85KB
- MD5
  
  9c48fd1fe618ccb8e4ed9e03c8966585
- SHA1
  
  dd078380b23e77a0434d38b945c29078836a7dc3
- SHA256
  
  60d1ac4232db388b87baf0fbcb2057657791caf3c7fddacced54c971e9b8d99c
- SHA512
  
  e28a5ab16efce77b48b4d69f867a518866abb23a6c1455262c3abcc38b013fa36dec172f2c833166648bdefbafa3cdc713f9e2df2a6289f07128f5235864ff1e
- SSDEEP
  
  1536:z6AntjNn/qMrE064jooBORCkCqunbObAXcE40/GMKXKu7MqV:z6uxF/qMAx4EoBOzZunKzG7+3x
Score

1^/10
behavioral10
- Target
  
  libapminsighta.so
- Size
  
  85KB
- MD5
  
  93d401f38dd870dcff202d297d764832
- SHA1
  
  7b49b82709308954a6533d4ef285824632ac6f16
- SHA256
  
  f43718ae78b9721fea3550f3b5726b96775de15c681184fb3ed3284167bd3072
- SHA512
  
  13adf160f70e598f09fd126733e56e27601f084c6799d3668912628899c779e454bdd9d5a6fad7ad14e2e4b9c27b3b27c02a85ea2bea520f3e928f84be45af81
- SSDEEP
  
  1536:D9f3+17jGYgaxGX6GNql5D7H6OTx+tusrAkWCrR59OUhpyJ6SeKlh:D9fIjGNaDV+Ys1/9beN
Score

1^/10
behavioral11
- Target
  
  libvcnverify.so
- Size
  
  13KB
- MD5
  
  5be95d7d1e7eec0323f56559e1788919
- SHA1
  
  0163d15f83168e36d4af067a0c5f6faa63c6c013
- SHA256
  
  373bff62cc1d3c588878f938df42235800fe0b1d8889c67b56625a24421c3a83
- SHA512
  
  5920f1a2235356a89d61eee5e41a5599b97d10a062b5b55abba988ee7a0c70cd21b31725e1f0adf505586abd01e19d6f317ff3fb00bc0f71a19b636ea243a76c
- SSDEEP
  
  192:JWHhtuhm9VUrmdykvFxmxvU7MKhMCORvjc2H5rV3/vgY:JWHp7vFoqhMCOVjvVgY
Score

1^/10
behavioral12
- Target
  
  libvcnverifylite.so
- Size
  
  17KB
- MD5
  
  fb275cd918376ff46133e1d925c21de1
- SHA1
  
  02b9773e12009f99a2bcd9284d36ce997820d7fa
- SHA256
  
  6a550c34877c7681a177a517356c1de221a3d787e7f3a8950b6c3851e206fdb3
- SHA512
  
  c9304a9dfc856138a1942c2e18dcccd8d276505f286f767a7fc9ebe015b9a049c74973f45d69e9c571e09a1731bc1d4b31a3a4edb9d39fccb40d4307b7da2016
- SSDEEP
  
  192:nkHhiHmrebgmaKOhwJ9vqlBwW5fAE5cyWy/GN4simkSULKaEAKKhvCORvjcIiIwG:kHrUMwVEWqwMuchvCOVjTnP
Score

1^/10
behavioral13
- Target
  
  libvctfo.so
- Size
  
  13KB
- MD5
  
  0efe5933ceb6e0b048916aadf60ffa1e
- SHA1
  
  cb62bd1f28f9cc3d360a11efbc389401bdebef3b
- SHA256
  
  e14e5589497eb0a1c542b506eb3b1892afda010e2a8c8ca102d89a9785740ab5
- SHA512
  
  a0660e77bad36d4c9ddaed40369a2563dff5ad3abb90112e751269fe46c024d5669de43bee92a9cef4132d76865ea5e260d007f73e23fd3eb783b7b8334b98b6
- SSDEEP
  
  192:4kyZvTWK7QmA9GfRA8lOlRdBuxYjpjqZbqNQqe3C83kEgh+zoBaeXD/o9:43RKK7nAUJvkndeYNGZb8QxoXTe
Score

1^/10
behavioral14
- Target
  
  libvideodec.so
- Size
  
  37KB
- MD5
  
  dfcce6a86ee920754f6a8dd93dd9d1f4
- SHA1
  
  5e45413868a9ef17ac70e7af36b6886776954b96
- SHA256
  
  5c8e1e58a812668e6651aaa2cf0985258386d5f296a75dbf92d39136216e0837
- SHA512
  
  53559c685720d0df7c1acbc4f7c96464345f3dbdb75dff52cb90134d883aac83b1fe6e2d2dc1385987b8c4f608205756bebea757b4afb93ef985fcf5c0e14b75
- SSDEEP
  
  768:7XY41gyZkrZz3lrMY7444z8zBmxx0bLS4A4JeUyh444OR:7XY41tZkrZz17444JsS4A/h444i
Score

1^/10
behavioral15
- Target
  
  libxz-main.so
- Size
  
  5KB
- MD5
  
  84e56f925faa5a4908911c7664a09e61
- SHA1
  
  d762f07c0c3e72b6aa3e73f2da1eee560dbc4929
- SHA256
  
  3b29f7ad0604f99d7c6af7d13bfdde0919a520add8c8ade699ce6c238e57c9b8
- SHA512
  
  554bff1cf709164a017ab69302e597934bab3cc367a87bbdd3718e2038bdf3c29ba60498ba2290ca14812a600dab1ea406dbd59d76501f09590d6b360ae3074a
- SSDEEP
  
  96:61przPaZnaaxr4YmKUlMbG7I62oYoUzV7fOZL:6PvaZauzUlO62Y
Score

1^/10
behavioral16
- Target
  
  libzstd-jni-decompress.so
- Size
  
  63KB
- MD5
  
  71b79cb9cef7c4833de0db311fd4f7b0
- SHA1
  
  bf3b310a5e91a4a7e7b9a1925257fbc826031f70
- SHA256
  
  415462b2df9a219d5f5b9ae1578cf6a1f6b14a3fcc214d8d67c3e0d3db03853c
- SHA512
  
  d0d6a67b8c14746d5f468a26724109350d7e4f542e8a1d2cde65468faaab5a01f350210a837c11edcf226a5b46a446966f2fd4de6e9659c854f8997cbc27753b
- SSDEEP
  
  768:sP2rww8zLgp1qiyN4ogcHM2gTyihy7HPecXq8ngQW+vKoGvkx40YNDMR:sBc1VyN4odMRmisasqiWzoG8x0NDs
Score

1^/10
behavioral17
- Target
  
  template.js
- Size
  
  284KB
- MD5
  
  53278962de829f69a7198dcfefc508b7
- SHA1
  
  67c101a8ae6c80cf8477ad882ef7c32aa35cff78
- SHA256
  
  7be6b4feb3fbb34bbbca50d38228a02277969355d03f588f8316cd5954f3683d
- SHA512
  
  d1474c6a097de8a113459a9b2e3e3a2013fb0969ef7a10d29b6c18b4f18d60851899421ed2e02bc9853e66ba38f8c2124d883c984ef9ff0ad4f9e804bcd93199
- SSDEEP
  
  3072:FY1UCly6CkCYJT5BdPAUfBUlVQZbU8CB24iQqSNBYTsXNV0QnK3HwbNMFg:ElvCkCoB1AU+lVQZbUj7iQNNBaXgMFg
Score

1^/10
behavioral18 behavioral19

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Cerberus

Cerberus payload

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Acquires the wake lock.

Loads dropped Dex/Jar

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19