General
-
Target
c86f20dc93c1d5427ae149ce89e764d2
-
Size
311KB
-
Sample
240314-mvkb7scc93
-
MD5
c86f20dc93c1d5427ae149ce89e764d2
-
SHA1
c0f961ba8df77cfe6848b6679b94f398bf2e5053
-
SHA256
1236be7fd1385b2543205404d96f37bded28a626d27d1e0a1dd4c570ef6dd2ad
-
SHA512
d8a283b5a5225ddfac96c1be5c21ea90b32df70d5639392c8afbc20d675f838459fe0aa428baf7db7b44beab28006df8801d700190351ae28b12e738acc588aa
-
SSDEEP
6144:x19xxvzXZYfrhtyjHpj1V6HGdVDse3U0ls6yiAZ4oFT8A9K9LhRFYwbOh4hZm:Rxxv5jHRSmdJse3UiBgTR9K9LnFYwb8/
Malware Config
Extracted
alienbot
http://abindizzobremin.tk
Targets
-
-
Target
c86f20dc93c1d5427ae149ce89e764d2
-
Size
311KB
-
MD5
c86f20dc93c1d5427ae149ce89e764d2
-
SHA1
c0f961ba8df77cfe6848b6679b94f398bf2e5053
-
SHA256
1236be7fd1385b2543205404d96f37bded28a626d27d1e0a1dd4c570ef6dd2ad
-
SHA512
d8a283b5a5225ddfac96c1be5c21ea90b32df70d5639392c8afbc20d675f838459fe0aa428baf7db7b44beab28006df8801d700190351ae28b12e738acc588aa
-
SSDEEP
6144:x19xxvzXZYfrhtyjHpj1V6HGdVDse3U0ls6yiAZ4oFT8A9K9LhRFYwbOh4hZm:Rxxv5jHRSmdJse3UiBgTR9K9LnFYwb8/
Score10/10-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Requests enabling of the accessibility settings.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-