alienbot | 7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0 | Triage

Sharing

General

Target

7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0.bin
Size

3.1MB
Sample

231106-1w181aff6s
MD5

b1f4cb2c134e42e1c26f333097e17e56
SHA1

7fcfc163fe3f8bf5a54e38fe21ce559d6cafcd40
SHA256

7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0
SHA512

c058f040f08f8ecd89498d0b86d24e6519cb7d46d594e50adcff54d08419eb025d49c3be1cdb4b5362800a574e67c33712046d927c06853f3f54f409aa503783
SSDEEP

49152:h7KMzjB309sF4vt5HW7zDC4SvQvM2rIg5ZNMErWfPzODZTq81hSjA3y:FKck6mV5mCgvM2rT5NrLlBjEAi

Score

10^/10

alienbot cerberus android banker evasion infostealer linux rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://buuncanlidersvarmi11.com

Targets

- Target
  
  7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0.bin
- Size
  
  3.1MB
- MD5
  
  b1f4cb2c134e42e1c26f333097e17e56
- SHA1
  
  7fcfc163fe3f8bf5a54e38fe21ce559d6cafcd40
- SHA256
  
  7142344ff1efa338898a69da6c5081007223717b01b3f4d6207cecb9f646aab0
- SHA512
  
  c058f040f08f8ecd89498d0b86d24e6519cb7d46d594e50adcff54d08419eb025d49c3be1cdb4b5362800a574e67c33712046d927c06853f3f54f409aa503783
- SSDEEP
  
  49152:h7KMzjB309sF4vt5HW7zDC4SvQvM2rIg5ZNMErWfPzODZTq81hSjA3y:FKck6mV5mCgvM2rT5NrLlBjEAi
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  aps-mraid.js
- Size
  
  10KB
- MD5
  
  ba641d5ca2a5017fd68987c6ded60539
- SHA1
  
  c42a5765c381aa86584d7e868ac449c1bafcdcb7
- SHA256
  
  943ebcd23c85774d0de6b30409b974021b4b83569cd524c5df2d8f397c504f29
- SHA512
  
  65e0a4ce7e17e51661570f38d090dba16bfcdb596925bb2800afa422526a115a16edc7762a5b179e806f8144213fa2f1269e87c6cecd8f7c805455f5db2fb447
- SSDEEP
  
  192:KiCDJIp5LQHMHP2i69SyLMnbcXn4+r/MH8CGgVHGl2yxSWfVwDE/:KJ+vQHoP2i6XMnCjMcCGgVk2S3NP
Score

1^/10
behavioral4 behavioral5
- Target
  
  calendar1.html
- Size
  
  605B
- MD5
  
  0b2becfce83dbcd774148db25c25e0c9
- SHA1
  
  35ae6b30163ac494e4bc55bf638d42e42389c9da
- SHA256
  
  4cbd0bb1ef23270a42844d84f91d7be6df5fd47bdbb09a82145cedb968418f36
- SHA512
  
  3d87493a8b778139d0c559b1961309f3a62505b81dd52fa473eb59db607261ade291a99b25d724a22649b82d02e7849aa78ccff5b58d04053677ba739f596939
Score

1^/10
behavioral6 behavioral7
- Target
  
  circle1.html
- Size
  
  531B
- MD5
  
  27befb9b3a8eb28ab7022e08971e820a
- SHA1
  
  c638a0b55ecf1584239eea486786251e297ec951
- SHA256
  
  b87c4296246676ce5e62533d1931fa43718a85a5e493c080ed6790957de22ab2
- SHA512
  
  15e482c90301580c140f4f1f6e26562f6486881e55b1f34521a79460c9ccf483b16c2e567c4deac026c6d8a8bd29e8dda19e064fbe81a940c577eb32d8c135a6
Score

1^/10
behavioral8 behavioral9
- Target
  
  dtb-m.js
- Size
  
  13KB
- MD5
  
  17d5556290f824b58a130e7f6a5db5d8
- SHA1
  
  3eafe6f52c5b153ed19cbff77eb8d1877327a736
- SHA256
  
  1c4e3003755d1a0d72116458dff81df000f053894e64f60459a544eeb6f055ab
- SHA512
  
  007009f03e0b3d677dcc4690e99908e33812c3c370d637126a6c0b42bc9b514dbec4f7aa2505769d5111b743ef7da57c912930870622133d6d200c905ec582de
- SSDEEP
  
  384:LHJ2kLj5UGeSiJsAJcehNBjjV1Td1Zlts+d6I7:LvdMWAPpj51PZlts+d6I7
Score

1^/10
behavioral10 behavioral11
- Target
  
  fyb_iframe_endcard_tmpl.html
- Size
  
  521B
- MD5
  
  331ab67d131439c4c50e02a3d7445008
- SHA1
  
  675ac8d91e0a2fe211d49a8e42f20f018c4bd50c
- SHA256
  
  efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9
- SHA512
  
  eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04
Score

1^/10
behavioral12 behavioral13
- Target
  
  fyb_static_endcard_tmpl.html
- Size
  
  2KB
- MD5
  
  185ce640c188cc750a44a523286daf11
- SHA1
  
  3c9be61b29d31de7dc5c337f26657d9721bf0104
- SHA256
  
  1484d0b59ea6bc28884c792908a9bdbb4670b82e8cf3feced3c5da14e03bfb32
- SHA512
  
  083116103c35f28bf7151b72abc0ab102b313edf641f1a34a30fe9d41b2cb73a29601a6da468173ee1a890f9f905cb0bb6e053966580e911f0b1ef232f93007c
Score

1^/10
behavioral14 behavioral15
- Target
  
  libc763d2.so
- Size
  
  74KB
- MD5
  
  ef571ebc03e450bfa9be317d160b0497
- SHA1
  
  c2242404f91f35d587dc3b693a8d1b41dfe2d1d9
- SHA256
  
  b07eb9bdba1ca7bc39de0f6cef8fd20f5a0e3e8735771cf1303396bdb0827ff4
- SHA512
  
  5815202555b5c683dd34f90aa2df1fa782c08fb7477f1e7418b5fc0c92ebdebb7f1c6394e62764337eaa0e3cb3c3f00d38fa786abdda7dc8af87c650a6b1f9d6
- SSDEEP
  
  1536:3kfjr47mhFjSxsqSIOmEBYf+JGNMvBaBKHvo59kkxHxIlQAIQWLS:3kA7mhKsmm8QHA59k1Hv
Score

1^/10
behavioral16 behavioral17 behavioral18 behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19