alienbot | 853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742 | Triage

Submit
Reports

Overview

overview

Static

static

853f583921...42.apk

android-9-x86

853f583921...42.apk

android-10-x64

853f583921...42.apk

android-11-x64

Sharing

General

Target

853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742
Size

301KB
Sample

231220-fggktscecq
MD5

ee5c67d9b6064d6f36e9025b5c142190
SHA1

b4f03e335e0f96100ac3362c9b0dee82437d31ab
SHA256

853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742
SHA512

9f5aaebe775f8c2c75947dcf30ff16ee19b5120a331f37b3051847c7f08d9921ba26582c7cdb4bad996ba5457f45545b964b1bad902e445faa6ba921fc1b1463
SSDEEP

6144:BCveehY0824v857BRpFX9mUTiQBy6AKSDdBR1hR28xP/JWi0dR5g3mLlkWAC:dekS7BPh9mUu2ySSxvR2k/PmRoEee

Score

10^/10

alienbot cerberus android banker evasion infostealer rat stealth trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk

Resource

android-x86-arm-20231215-en

alienbot cerberus banker evasion infostealer rat stealth trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk

Resource

android-x64-20231215-en

alienbot cerberus banker evasion infostealer rat stealth trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742.apk

Resource

android-x64-arm64-20231215-en

alienbot cerberus banker evasion infostealer rat stealth trojan

android-11-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

alienbot

C2

http://birgaripdunyasanki.tk

Targets

- Target
  
  853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742
- Size
  
  301KB
- MD5
  
  ee5c67d9b6064d6f36e9025b5c142190
- SHA1
  
  b4f03e335e0f96100ac3362c9b0dee82437d31ab
- SHA256
  
  853f583921fc1750df0ce73c929be81dc7f401f11870e3a7c0e339b76a694742
- SHA512
  
  9f5aaebe775f8c2c75947dcf30ff16ee19b5120a331f37b3051847c7f08d9921ba26582c7cdb4bad996ba5457f45545b964b1bad902e445faa6ba921fc1b1463
- SSDEEP
  
  6144:BCveehY0824v857BRpFX9mUTiQBy6AKSDdBR1hR28xP/JWi0dR5g3mLlkWAC:dekS7BPh9mUu2ySSxvR2k/PmRoEee
Score

10^/10

alienbot cerberus banker evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankerevasioninfostealerratstealthtrojan

behavioral3

alienbotcerberusbankerevasioninfostealerratstealthtrojan

© 2018-2024

Terms | Privacy