General
-
Target
74ff2c72c16aa2909fdb5adbb83f122b
-
Size
4.3MB
-
Sample
240125-t7pk1sahc6
-
MD5
74ff2c72c16aa2909fdb5adbb83f122b
-
SHA1
eafc99acfb4757ee27bce2b2bbac0e08bd6f6b52
-
SHA256
1a79724595a99052723f2422d57ec93b1f62e1cdb2121ae9ae2175b107e60a00
-
SHA512
f3b3e8d3e96c54c49963c57d009c1bf0fc5993c208fb715630490f1a724efdeffd3f39b4dd7fad2135c81b0b511334bf64d57e5f513c8902f6ebcecbf03644bc
-
SSDEEP
98304:eiyySaTQmA1mTEw07N01PtM2G2LqUrSUjvbLqs50MISGhGv3Jn:cyS/CTEtN6FvGLvKui3Jn
Static task
static1
Behavioral task
behavioral1
Sample
74ff2c72c16aa2909fdb5adbb83f122b.apk
Resource
android-x86-arm-20231215-en
Malware Config
Extracted
alienbot
http://vgokkycl61ck.xyz
Targets
-
-
Target
74ff2c72c16aa2909fdb5adbb83f122b
-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-