General
-
Target
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.bin
-
Size
3.5MB
-
Sample
231216-1w6hqadaen
-
MD5
beeec17e265835b9dfc76f076664fdfd
-
SHA1
480d53259e0950af363236f289166edca189a742
-
SHA256
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174
-
SHA512
f10b45b2949cf98d45518cc5f82f88c13ea64388f179295ef63428c0764ad617347ad30f7d8f7248fff076f580c5f78aa63f42f807227ab05cbee68dc0ba489a
-
SSDEEP
49152:EUHKPS8aJluK5r1f0LRf7XMISsO0zjoK80obeW/9X16z2yrrH7MdBylHZIFW6B:6GP3bsf78Kzjo8SeWZwz2yLC106B
Static task
static1
Behavioral task
behavioral1
Sample
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.apk
Resource
android-x86-arm-20231215-en
Behavioral task
behavioral2
Sample
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.apk
Resource
android-x64-20231215-en
Malware Config
Extracted
alienbot
http://asayratermalhotel.xyz
Extracted
alienbot
http://asayratermalhotel.xyz
Targets
-
-
Target
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174.bin
-
Size
3.5MB
-
MD5
beeec17e265835b9dfc76f076664fdfd
-
SHA1
480d53259e0950af363236f289166edca189a742
-
SHA256
76aae1533f1aca39631fe0a053338850966815e808332ce67ea3c0b4cd85a174
-
SHA512
f10b45b2949cf98d45518cc5f82f88c13ea64388f179295ef63428c0764ad617347ad30f7d8f7248fff076f580c5f78aa63f42f807227ab05cbee68dc0ba489a
-
SSDEEP
49152:EUHKPS8aJluK5r1f0LRf7XMISsO0zjoK80obeW/9X16z2yrrH7MdBylHZIFW6B:6GP3bsf78Kzjo8SeWZwz2yLC106B
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-