alienbot

General

Target

331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806.bin
Size

4.1MB
Sample

240413-1yattsdf2x
MD5

144ecbe7fe5f52577163493160d3d9a8
SHA1

4a7345612480c4d01f158cabc73d204f6d5bcc25
SHA256

331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806
SHA512

612db01f4724d05b1cf1fc771b6e96094ebe4aa3879f51151b94e5ea0b3d785f8e97df30a27a2bfc29364c57a385d92d79a11550cc15ddaf0c8b83274fa6d91b
SSDEEP

98304:ZZL4xaxIGqxrZuK1LO6JLSJKr5n/W/A9hVqP2CXyQMbEaE1lNKCCfs:juai7xrwWTmw51g+CdM0vNlCs

Score

10^/10

Malware Config

Extracted

Family

alienbot

C2

http://wf4sctx9cksg94528o7o.xyz

Targets

- Target
  
  331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806.bin
- Size
  
  4.1MB
- MD5
  
  144ecbe7fe5f52577163493160d3d9a8
- SHA1
  
  4a7345612480c4d01f158cabc73d204f6d5bcc25
- SHA256
  
  331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806
- SHA512
  
  612db01f4724d05b1cf1fc771b6e96094ebe4aa3879f51151b94e5ea0b3d785f8e97df30a27a2bfc29364c57a385d92d79a11550cc15ddaf0c8b83274fa6d91b
- SSDEEP
  
  98304:ZZL4xaxIGqxrZuK1LO6JLSJKr5n/W/A9hVqP2CXyQMbEaE1lNKCCfs:juai7xrwWTmw51g+CdM0vNlCs
Score

10^/10

alienbot banker collection discovery evasion infostealer persistence stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks CPU information
  Checks CPU information which indicate if the system is an emulator.
  evasion discovery
- Checks memory information
  Checks memory information which indicate if the system is an emulator.
  evasion discovery
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries account information for other applications stored on the device.
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Checks CPU information

Checks memory information

Loads dropped Dex/Jar

Makes use of the framework's foreground persistence service

Queries account information for other applications stored on the device.

Acquires the wake lock

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2