Resubmissions

10-12-2023 02:29

231210-cyvl8sbehq 10

04-12-2023 22:00

231204-1wsa4afg7w 10

General

  • Target

    23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6.bin

  • Size

    1.9MB

  • Sample

    231204-1wsa4afg7w

  • MD5

    646587934709574ea4f9b1fab6e6a9bf

  • SHA1

    49928e81110adc671b33191b49058709def46c07

  • SHA256

    23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6

  • SHA512

    14797057550ee09330357c6793889cccb94680376f356221d2329582ac601f71631107d370cbfd42acdc0b2fd28caee1adc72b0cf565f9727864696af052b664

  • SSDEEP

    49152:EZEf0UOWjhOs8KuVWU86zAIrw2xXA44udBaxC2qHhzG:E+cURAsoVWUbUIrwEXA44u3ax1ozG

Malware Config

Extracted

Family

alienbot

C2

http://bpargastasyas.ml

rc4.plain

Extracted

Family

alienbot

C2

http://bpargastasyas.ml

Targets

    • Target

      23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6.bin

    • Size

      1.9MB

    • MD5

      646587934709574ea4f9b1fab6e6a9bf

    • SHA1

      49928e81110adc671b33191b49058709def46c07

    • SHA256

      23b3e076cdab5b50881f23a26a0f7d1d64b600ea5a8856da2a4f3adab81203a6

    • SHA512

      14797057550ee09330357c6793889cccb94680376f356221d2329582ac601f71631107d370cbfd42acdc0b2fd28caee1adc72b0cf565f9727864696af052b664

    • SSDEEP

      49152:EZEf0UOWjhOs8KuVWU86zAIrw2xXA44udBaxC2qHhzG:E+cURAsoVWUbUIrwEXA44u3ax1ozG

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

MITRE ATT&CK Matrix

Tasks