alienbot | c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b | Triage

Sharing

General

Target

c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b.bin
Size

1.6MB
Sample

231128-1w649ach88
MD5

78fcc1c848322d1c3a7e3eacf0b323ef
SHA1

4acef91590d42560e0a0d07b9ac9efd10fb1a570
SHA256

c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b
SHA512

ee1b43c712c268d6bc13312618773489229cf8deab12faa057cd13cc9f405f534cd6e9ec48654e377951c749909384117ab3e0e567cb79417fe558ce6ad1fddc
SSDEEP

49152:2jUQbGMOlalLHVCKfx+P5N5uFfB4hHLm5QUHDIemZWhLHDS:EUblaxfx85KGhHL1UHcemMFu

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

rc4.plain

Extracted

Family

alienbot

C2

http://talatlarholdngltd.net

Targets

- Target
  
  c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b.bin
- Size
  
  1.6MB
- MD5
  
  78fcc1c848322d1c3a7e3eacf0b323ef
- SHA1
  
  4acef91590d42560e0a0d07b9ac9efd10fb1a570
- SHA256
  
  c4ac30e739c0fbd4433ac9cfca548ed542f965607b1dc8327ca22a91efb4e12b
- SHA512
  
  ee1b43c712c268d6bc13312618773489229cf8deab12faa057cd13cc9f405f534cd6e9ec48654e377951c749909384117ab3e0e567cb79417fe558ce6ad1fddc
- SSDEEP
  
  49152:2jUQbGMOlalLHVCKfx+P5N5uFfB4hHLm5QUHDIemZWhLHDS:EUblaxfx85KGhHL1UHcemMFu
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
behavioral1 behavioral2 behavioral3
- Target
  
  CheatSheet-Algebra_zs.html
- Size
  
  55KB
- MD5
  
  2c5cccb517b741613ad2c1f7a1cdfd85
- SHA1
  
  d395a1fcf335361ceffffc6804af5bc8ec6a7cce
- SHA256
  
  f7e09bba5c901b4c216d77fa99ff7b79e970a0578ae32be9ee67c3daf880d59c
- SHA512
  
  83dad758cf7fbadd1aa2450353c57aafd9ec3e94144c3a9848156a5b9ae37c95b5d48e86fa17b666588f1871af6a203e8ba3abbabf77e10f16836d65e65d8ee8
- SSDEEP
  
  768:omnahvTUXSAYQ/zrwdR6Aml9LOOJFP+VH0G8SY0ANEn3:z27U8JuFP+VnlYTNO
Score

1^/10
behavioral4 behavioral5
- Target
  
  CheatSheet-Derivatives_en.html
- Size
  
  53KB
- MD5
  
  d6bf9278235b23333343406fbcc54f86
- SHA1
  
  908bba9889396c96c7c810f473393f762a3d597b
- SHA256
  
  81416cb4044ae2a837178c40461011003844b35fc729da0e21f1cb2665eea077
- SHA512
  
  13e6269c45df43bb511650c01ad9b46dcfaedb682ce86f997011d1c25538a8616dab3f8d12ebe5bbff38ac0f3b06bb240c961f216ad6d2709c19ce2fbacb2c13
- SSDEEP
  
  768:owA5EcMq/LbOZfUjACkVv6d4UkDmObCf3pv7gefRMCaOGLwBrSVJBuT:w5HMqTbOUoDmObo5v7lRYJLwBrSVJBi
Score

1^/10
behavioral6 behavioral7
- Target
  
  CheatSheet-Derivatives_zs.html
- Size
  
  51KB
- MD5
  
  474fb21ed6466ad2aed3f7a5d3cc490d
- SHA1
  
  24cdbaec78c1c2a3b409af9253f0e896d28a9f71
- SHA256
  
  2c7af38860a1c0b8430499d5ebf66a2582e3b71c50687c304faf4f1f4b4463a6
- SHA512
  
  cfc6721a73e96059ae7f95e32635e03fb0ab64421a62c527ddeec153e283c03013f413a065b6bc32d9f716e75bb21deeb291a1b15697d996d9d059b354a20bff
- SSDEEP
  
  768:omnahvTUXSAYQ/zrwdR6Aml9LOOJFP+VH0G8SY0ANC:z27U8JuFP+VnlYTNC
Score

1^/10
behavioral8 behavioral9
- Target
  
  chartjs-plugin-zoom.min.js
- Size
  
  8KB
- MD5
  
  6182d3e89efa6e8829db2b95c7fc9619
- SHA1
  
  113b1c86ebfebef505faa5defd3f2f366d50416d
- SHA256
  
  620e92db82fcd34cb3e5ca35349d9dc3ac4518ae0ccfbc5081bf9c158db64d4d
- SHA512
  
  6b58a8102b1c5a879c6ff80cb19017d8a00e9bcf0c941e2eb8d5cd5cc8c021234bff18c8eecfdf2f7892c166e66e971364614d507990184478b77c0a31ab457e
- SSDEEP
  
  192:e+awl8ze/+YruqARRY+j2FtuOSmaZHm1xa4j2MGx++yXVUYD/h:xll8CtTikaVuTjJ5
Score

1^/10
behavioral10 behavioral11
- Target
  
  hammerjs.js
- Size
  
  20KB
- MD5
  
  ba3c8e74eaad26674534502bd676b0e5
- SHA1
  
  64d6dfa0dc3cdaec3cea91fdab00cb2a418e3c3f
- SHA256
  
  6bbdfdd7190ead65a89cae52f7129d13cec4bdaa5f1f8cd180ce75231b3ab4d4
- SHA512
  
  430281a08d88c85eadc65fd434c3096ef7f1e5c5b76caec3bf35a763457f0e27d3cea507b804aef8ea6ed4cc65a4dfd2d3ce182069129733286f068fa2df85eb
- SSDEEP
  
  384:mb5vj+l3jfaksTAAvNWUwLATFqACns+CSHDJDLrp:i5vj+5jfSTtrTFqACs+CSHtDx
Score

1^/10
behavioral12 behavioral13
- Target
  
  jquery-3.4.1.min.js
- Size
  
  86KB
- MD5
  
  220afd743d9e9643852e31a135a9f3ae
- SHA1
  
  88523924351bac0b5d560fe0c5781e2556e7693d
- SHA256
  
  0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
- SHA512
  
  6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d
- SSDEEP
  
  1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
Score

1^/10
behavioral14 behavioral15
- Target
  
  template.js
- Size
  
  284KB
- MD5
  
  53278962de829f69a7198dcfefc508b7
- SHA1
  
  67c101a8ae6c80cf8477ad882ef7c32aa35cff78
- SHA256
  
  7be6b4feb3fbb34bbbca50d38228a02277969355d03f588f8316cd5954f3683d
- SHA512
  
  d1474c6a097de8a113459a9b2e3e3a2013fb0969ef7a10d29b6c18b4f18d60851899421ed2e02bc9853e66ba38f8c2124d883c984ef9ff0ad4f9e804bcd93199
- SSDEEP
  
  3072:FY1UCly6CkCYJT5BdPAUfBUlVQZbU8CB24iQqSNBYTsXNV0QnK3HwbNMFg:ElvCkCoB1AU+lVQZbUj7iQNNBaXgMFg
Score

1^/10
behavioral16 behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17