alienbot | 45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e | Triage

Sharing

General

Target

45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e.bin
Size

1.5MB
Sample

231127-1wxktadc7v
MD5

86578d94e97a1043846bda311e04da45
SHA1

1364d63e90796d1d9bdb42a0fe18ae4dbb8c6106
SHA256

45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e
SHA512

afc60a9f453c2fd0d942c00c443770f465ce66db4059a5f979942aea5efa3e05bf507621d5011747228c4ad47d2a83a11e0935ec44727f2ea09b4f0d92a6b54f
SSDEEP

24576:xrWlX8lXWiPz3K8kNxivwgJrbqFvo4zzuABpIpMvb/YRAC7GnnUOdhvj5a0ekp1R:2Pew2xkPBpJvjC7qUY59/eoFD

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

https://ukalasahne.net

rc4.plain

Extracted

Family

alienbot

C2

https://ukalasahne.net

Targets

- Target
  
  45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e.bin
- Size
  
  1.5MB
- MD5
  
  86578d94e97a1043846bda311e04da45
- SHA1
  
  1364d63e90796d1d9bdb42a0fe18ae4dbb8c6106
- SHA256
  
  45f01f69b0c5b25a3c90808eb889d4c649087e72668edb90b9d982b2dfcfe87e
- SHA512
  
  afc60a9f453c2fd0d942c00c443770f465ce66db4059a5f979942aea5efa3e05bf507621d5011747228c4ad47d2a83a11e0935ec44727f2ea09b4f0d92a6b54f
- SSDEEP
  
  24576:xrWlX8lXWiPz3K8kNxivwgJrbqFvo4zzuABpIpMvb/YRAC7GnnUOdhvj5a0ekp1R:2Pew2xkPBpJvjC7qUY59/eoFD
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  libEncryptorP.so
- Size
  
  77KB
- MD5
  
  4fb755e878b726862ffe6c02fe058357
- SHA1
  
  151ed7adc167064b3f99853dcce4ac0c08bd3167
- SHA256
  
  1d990f3f20cac7113c5db47867467e5dee955d5e152dbfeb80963f6eb93cb61a
- SHA512
  
  28eea5538b12b0b10c4b9c2b83d5254cf99cfe0cf751aa497dba4b3847444c202bbac9264e5212b69afd03ed610a2c67a762507a7a6c8c398e66b7b06b9b84a7
- SSDEEP
  
  1536:3Y8ej6kD8ej6z8ej6bpm95VZdmQwKsh444Z444JLS4Aq7:3Y8G6kD8G6z8G6F6dsiU
Score

1^/10
behavioral4
- Target
  
  libapminsighta.so
- Size
  
  85KB
- MD5
  
  93d401f38dd870dcff202d297d764832
- SHA1
  
  7b49b82709308954a6533d4ef285824632ac6f16
- SHA256
  
  f43718ae78b9721fea3550f3b5726b96775de15c681184fb3ed3284167bd3072
- SHA512
  
  13adf160f70e598f09fd126733e56e27601f084c6799d3668912628899c779e454bdd9d5a6fad7ad14e2e4b9c27b3b27c02a85ea2bea520f3e928f84be45af81
- SSDEEP
  
  1536:D9f3+17jGYgaxGX6GNql5D7H6OTx+tusrAkWCrR59OUhpyJ6SeKlh:D9fIjGNaDV+Ys1/9beN
Score

1^/10
behavioral5
- Target
  
  libapminsightb.so
- Size
  
  85KB
- MD5
  
  cc27b30c83500bf889a930ed86565ad3
- SHA1
  
  8a1c6f8e9efef3bac79074dee0401aec0a2b6948
- SHA256
  
  d36d3b0806b0a47ad5dac848ea2a5b5eca201e8cbe5ae72643bd3c38cc7af8c5
- SHA512
  
  2a20b20522bd94b61ebf678fa0544e19ff9ea4e5e5b9c6f32115185ca01165f384402f28a7a3355b22bac824848b7b6911e74483acf9b152d7aef2b3787e9903
- SSDEEP
  
  1536:uQ7itfsoSmSsDLIofeGfHs/fasLCve5VR/GaqDfNoTENT0MEA5q:TVMLIo/fsHm5bEyq
Score

1^/10
behavioral6

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6