Overview

overview

10

Static

static

6

cf326fbe33...ca.apk

android-9-x86

10

cf326fbe33...ca.apk

android-10-x64

10

cf326fbe33...ca.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cf326fbe332f899b85f210dbee70dbca

  • Size

    3.4MB

  • Sample

    240316-13enksfc85

  • MD5

    cf326fbe332f899b85f210dbee70dbca

  • SHA1

    835ff482e4c037e8f5aa66bcf6dc4ac83abea6a0

  • SHA256

    1122a8215822a30c43ad684be7a2c8e4e4733d12b7e5a3aea4b570dc807ce8f1

  • SHA512

    f7c9227cd1e9b92a960c027fe998aa191ee31e0898d27ffeeba05e6c4b20aaf3c87fbe3be5e915c37f041ec36d190c89e7a75125b75558caf499f130d4df6f79

  • SSDEEP

    98304:c+RoZL1TRC1xLRffffTeipEXg/B0aLkjyn05Bv0azfkj:c+RoF1TRWlT2Xg/LYyn05Bsifw

Score
10/10
alienbotcerberusandroidbankercollectionevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

http://mysqlsystem.com

Targets

    • Target

      cf326fbe332f899b85f210dbee70dbca

    • Size

      3.4MB

    • MD5

      cf326fbe332f899b85f210dbee70dbca

    • SHA1

      835ff482e4c037e8f5aa66bcf6dc4ac83abea6a0

    • SHA256

      1122a8215822a30c43ad684be7a2c8e4e4733d12b7e5a3aea4b570dc807ce8f1

    • SHA512

      f7c9227cd1e9b92a960c027fe998aa191ee31e0898d27ffeeba05e6c4b20aaf3c87fbe3be5e915c37f041ec36d190c89e7a75125b75558caf499f130d4df6f79

    • SSDEEP

      98304:c+RoZL1TRC1xLRffffTeipEXg/B0aLkjyn05Bv0azfkj:c+RoF1TRWlT2Xg/LYyn05Bsifw

    Score
    10/10
    alienbotcerberusbankercollectionevasioninfostealerratstealthtrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

      bankertrojaninfostealerevasionratcerberus

    • Cerberus payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks