General
Target: ae558d6f0465295f8f01d58c3ab7fe21
Size: 3.8MB
Sample: 240229-mxqa8sfb45
MD5: ae558d6f0465295f8f01d58c3ab7fe21
SHA1: 67e9336c1d0883fc627edcadb9507747d700b136
SHA256: fc226b880cbc3e7708265d3e9c4e75cc2c115be2a05afcdc17212e4a11ba2bc3
SHA512: be2072bedc843d257db5a7ed431e245fef9ff2797f07b8a2a730ccbe9ae5a1b47dea47c7500c9d2179f7a605081b14d5c446fe2fd81ff6f2d168a3181e1d4530
SSDEEP: 98304:uLavM277jQZuwOiawrGKKGXppiJHbs0/iEd:uLkMi7jQZutD4RD06Ed
Static task: static1
Behavioral task: behavioral1
Sample: ae558d6f0465295f8f01d58c3ab7fe21.apk
Resource: android-x86-arm-20240221-en
Behavioral task: behavioral2
Sample: ae558d6f0465295f8f01d58c3ab7fe21.apk
Resource: android-x64-20240221-en
Behavioral task: behavioral3
Sample: ae558d6f0465295f8f01d58c3ab7fe21.apk
Resource: android-x64-arm64-20240221-en
Malware Config
Extracted
alienbot
http://mamarhelindal1.digital
Targets
-
-
Target
ae558d6f0465295f8f01d58c3ab7fe21
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-