alienbot | fb38636d1afb7c6df603ac4f441de7fd3d01c79c97577a5aca0afef8b2b8041b | Triage

Sharing

General

Target

ca7aec7eacd0f2820c73bf0a9523a382
Size

2.9MB
Sample

240315-ez6r1agb41
MD5

ca7aec7eacd0f2820c73bf0a9523a382
SHA1

c9eb3866d202582495c07abe5d8fcdf47e6c98d0
SHA256

fb38636d1afb7c6df603ac4f441de7fd3d01c79c97577a5aca0afef8b2b8041b
SHA512

0fc462d58394a029eeb015c23f0c7b2d39a924a7c0efd8ef02451bb99c8503f330917b3ee1634d309a07a404eadb02420a2e4c63ffa118fd83c5a0e7a02e85ab
SSDEEP

49152:rHJ/x3X4bGFT1ypsI9l8cxyvWdGHgNvewS2u6P6dlHq00b0J9d27jNP9aayTGgC:PI9sI4cwYHAh2P1QJ9yjZ9viGgC

Score

10^/10

alienbot cerberus android banker collection evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

alienbot

C2

http://rareqtereqqer.sbs

Targets

- Target
  
  ca7aec7eacd0f2820c73bf0a9523a382
- Size
  
  2.9MB
- MD5
  
  ca7aec7eacd0f2820c73bf0a9523a382
- SHA1
  
  c9eb3866d202582495c07abe5d8fcdf47e6c98d0
- SHA256
  
  fb38636d1afb7c6df603ac4f441de7fd3d01c79c97577a5aca0afef8b2b8041b
- SHA512
  
  0fc462d58394a029eeb015c23f0c7b2d39a924a7c0efd8ef02451bb99c8503f330917b3ee1634d309a07a404eadb02420a2e4c63ffa118fd83c5a0e7a02e85ab
- SSDEEP
  
  49152:rHJ/x3X4bGFT1ypsI9l8cxyvWdGHgNvewS2u6P6dlHq00b0J9d27jNP9aayTGgC:PI9sI4cwYHAh2P1QJ9yjZ9viGgC
Score

10^/10

alienbot cerberus banker collection evasion infostealer rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Hide Artifacts

Suppress Application Icon

Input Injection

Credential Access

Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

behavioral2

alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

behavioral3