alienbot | 3f39c2fc43173b203a6a0b0331adb6ad265f0ee09fbab56ff25f18dec4fb805b | Triage

Sharing

General

Target

3f39c2fc43173b203a6a0b0331adb6ad265f0ee09fbab56ff25f18dec4fb805b.bin
Size

3.3MB
Sample

231119-1wth6aca89
MD5

edd5463d40b2df8261e5d83d1dd817ed
SHA1

771f4a6cbba22aa24ceb962196693afc3a4ea1aa
SHA256

3f39c2fc43173b203a6a0b0331adb6ad265f0ee09fbab56ff25f18dec4fb805b
SHA512

b0cc13b6d0c25d512ccf1a9f0dda89a06bd2a505a98cf6c94d857b8954cb7650c7c8759e62d0dbaf9f5a4dbeca8ce5369036f611b7cd2d36f6291b15ccfd1595
SSDEEP

98304:rJuyrXzkstBCQWIxchONDDs9VxQfk/uTAeM:rYyrXzkO2802f0UM

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://194.163.161.72/

rc4.plain

Extracted

Family

alienbot

C2

http://194.163.161.72/

Targets

- Target
  
  3f39c2fc43173b203a6a0b0331adb6ad265f0ee09fbab56ff25f18dec4fb805b.bin
- Size
  
  3.3MB
- MD5
  
  edd5463d40b2df8261e5d83d1dd817ed
- SHA1
  
  771f4a6cbba22aa24ceb962196693afc3a4ea1aa
- SHA256
  
  3f39c2fc43173b203a6a0b0331adb6ad265f0ee09fbab56ff25f18dec4fb805b
- SHA512
  
  b0cc13b6d0c25d512ccf1a9f0dda89a06bd2a505a98cf6c94d857b8954cb7650c7c8759e62d0dbaf9f5a4dbeca8ce5369036f611b7cd2d36f6291b15ccfd1595
- SSDEEP
  
  98304:rJuyrXzkstBCQWIxchONDDs9VxQfk/uTAeM:rYyrXzkO2802f0UM
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  about1d.html
- Size
  
  445B
- MD5
  
  3eb4ad1622faf2b69fc2dcf8f7bd51bd
- SHA1
  
  e61891d6cbab9c52ffd25f94007a2ed12119f0ec
- SHA256
  
  a898213a2328ba3270055ca3883098f6fc75f6b88c90527d2d8d5d7212f4d5be
- SHA512
  
  1e9b0f69cc8ade011c911b995de5e52bcf02dab0153fdebb1a60250cc603693d1ca0c9bd6abf80679834f7bbcf66791bf8ed076ef40f4fd6618223dfacdd8060
Score

1^/10
behavioral4 behavioral5
- Target
  
  about2d.html
- Size
  
  500B
- MD5
  
  d24878534b76beee9e9d1418bbdf44c1
- SHA1
  
  4b0d80de54c5bda3717347047295bb499e9e10c9
- SHA256
  
  4d47446de41089c864ae38f6c91296f8b7f0a2f84d8310ee077cd1f8a56f5810
- SHA512
  
  e48dbd4d084b43c568bee15854d214920181c750a4b0ebf3ae217f0ec6b73c44c23127a930f38f4630ab8f2dcbcbe2479c82c2b6fe6a336f1c1dfa1fa9b16bf3
Score

1^/10
behavioral6 behavioral7
- Target
  
  index.html
- Size
  
  18B
- MD5
  
  c50002b30f2db7e33045a6ef53f94b46
- SHA1
  
  84346b72d78331cf3909638329cf227f912d5822
- SHA256
  
  04c6d962335c2da8d837eb14f48f77019f3d71c1d09bc2db067751137f9c8746
- SHA512
  
  d8635d4fd501efcba4dde964bfc1f38d022616b11a94f3f88e31be270e5712268772d8c9573571b16a1bb7c26e0b60516b241bf8e843f123e80050306a5b11a3
Score

1^/10
behavioral8 behavioral9
- Target
  
  scanning.html
- Size
  
  932B
- MD5
  
  4eb1438a31e0854a8b2f9a995d8aa2a8
- SHA1
  
  b0fd05edcaa992475a021c1fcc3e5ee552c3104d
- SHA256
  
  fc0be28e99df9e7b946e8f4292167b38659cfba0d57105f55ec73cda3ba8b8d8
- SHA512
  
  5d60ef243d8e7314087b510be5190e7b4cb9d5fdcf8253958d27fab08d4f0bd69c8fbfcb2d39e9e01c85376824ed384925b02024f12f674d334aee859e4145ac
Score

1^/10
behavioral10 behavioral11
- Target
  
  sharing.html
- Size
  
  908B
- MD5
  
  d7f970599142df2f70b65b588d3f2cea
- SHA1
  
  038baea59834e1531d91e4f6f87e05a37146c68f
- SHA256
  
  206899af0c080bd16541278d9ce439f9ae3debb6b3e3b0d0b0c49a14c1708a72
- SHA512
  
  3d4db4abcbc425c5d2946e43905f0df0b2edf0861a9b09a5e41d73120ddc345bfcc96934f859a22e72e399deee16f3358b75186ef7f87fef42d43a0001147eab
Score

1^/10
behavioral12 behavioral13

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13