General
-
Target
ebcc01dc4c4f5b5a1d691c5684b4b197_JaffaCakes118
-
Size
3.6MB
-
Sample
240410-xyzw6scc31
-
MD5
ebcc01dc4c4f5b5a1d691c5684b4b197
-
SHA1
81b0a11fa3344e57d37fc97f268532d8339fbbe3
-
SHA256
38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839
-
SHA512
ec7de69877ee767062fdf4ad375324f22c00b44675c9e037ad07e01a72441f3ef7f4b52048d8c4e62bb8c331ccd52cd85ec0482b6def34944b08d61225bf93e6
-
SSDEEP
98304:5oC2wEsPVsbtNw5KbRQx8/msu+t+v5g6NQjaTZtC:5oC2TsP6bbbRQdsuRv5g6NQj2XC
Malware Config
Extracted
alienbot
http://salakodenekoz.net
Targets
-
-
Target
ebcc01dc4c4f5b5a1d691c5684b4b197_JaffaCakes118
-
Size
3.6MB
-
MD5
ebcc01dc4c4f5b5a1d691c5684b4b197
-
SHA1
81b0a11fa3344e57d37fc97f268532d8339fbbe3
-
SHA256
38e59c9876d09730d7e5d03204ebff9d9b6072108838354e62ab4b62e28bb839
-
SHA512
ec7de69877ee767062fdf4ad375324f22c00b44675c9e037ad07e01a72441f3ef7f4b52048d8c4e62bb8c331ccd52cd85ec0482b6def34944b08d61225bf93e6
-
SSDEEP
98304:5oC2wEsPVsbtNw5KbRQx8/msu+t+v5g6NQjaTZtC:5oC2TsP6bbbRQdsuRv5g6NQj2XC
Score10/10-
Alienbot
Alienbot is a fork of Cerberus banker first seen in January 2020.
-
Cerberus
An Android banker that is being rented to actors beginning in 2019.
-
Cerberus payload
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher
-
Checks CPU information
Checks CPU information which indicate if the system is an emulator.
-
Checks memory information
Checks memory information which indicate if the system is an emulator.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Queries account information for other applications stored on the device.
Application may abuse the framework's APIs to collect account information stored on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-