General

  • Target

    76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.bin

  • Size

    3.5MB

  • Sample

    231216-1w6hqadaen

  • MD5

    beeec17e265835b9dfc76f076664fdfd

  • SHA1

    480d53259e0950af363236f289166edca189a742

  • SHA256

    76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174

  • SHA512

    f10b45b2949cf98d45518cc5f82f88c13ea64388f179295ef63428c0764ad617347ad30f7d8f7248fff076f580c5f78aa63f42f807227ab05cbee68dc0ba489a

  • SSDEEP

    49152:EUHKPS8aJluK5r1f0LRf7XMISsO0zjoK80obeW/9X16z2yrrH7MdBylHZIFW6B:6GP3bsf78Kzjo8SeWZwz2yLC106B

Malware Config

Extracted

Family

alienbot

C2

http://asayratermalhotel.xyz

rc4.plain

Extracted

Family

alienbot

C2

http://asayratermalhotel.xyz

Targets

    • Target

      76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.bin

    • Size

      3.5MB

    • MD5

      beeec17e265835b9dfc76f076664fdfd

    • SHA1

      480d53259e0950af363236f289166edca189a742

    • SHA256

      76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174

    • SHA512

      f10b45b2949cf98d45518cc5f82f88c13ea64388f179295ef63428c0764ad617347ad30f7d8f7248fff076f580c5f78aa63f42f807227ab05cbee68dc0ba489a

    • SSDEEP

      49152:EUHKPS8aJluK5r1f0LRf7XMISsO0zjoK80obeW/9X16z2yrrH7MdBylHZIFW6B:6GP3bsf78Kzjo8SeWZwz2yLC106B

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks