Overview

overview

10

Static

static

10

f73d07ab3f...e0.apk

android-9-x86

10

f73d07ab3f...e0.apk

android-10-x64

10

f73d07ab3f...e0.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0.bin

  • Size

    317KB

  • Sample

    240417-1x8pgagf9v

  • MD5

    3560fa9200977ce6c2d93443d9ac0bfd

  • SHA1

    880d50db4f554d6de232d1c44241600b2fcc51c3

  • SHA256

    f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0

  • SHA512

    65ce833cdd8e3cc3632073d1914825b85c5d144cf8f30d4080bd3c870e5076a44d478aa36081c58cda0125eeedd86d69b5149dd4d1330dd73c60382d06173b6f

  • SSDEEP

    6144:u4TktnNxW+tIs00QxwE3+xvoyeA1dSVUm6X5oLW9JjJl883/h3/REbZG6:ubqx0xEAoz6Qw88353OV

Score
10/10
alienbotcerberusandroidbankercollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

alienbot

C2

https://81.161.229.185

rc4.plain

Extracted

Family

alienbot

C2

https://81.161.229.185

Targets

    • Target

      f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0.bin

    • Size

      317KB

    • MD5

      3560fa9200977ce6c2d93443d9ac0bfd

    • SHA1

      880d50db4f554d6de232d1c44241600b2fcc51c3

    • SHA256

      f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0

    • SHA512

      65ce833cdd8e3cc3632073d1914825b85c5d144cf8f30d4080bd3c870e5076a44d478aa36081c58cda0125eeedd86d69b5149dd4d1330dd73c60382d06173b6f

    • SSDEEP

      6144:u4TktnNxW+tIs00QxwE3+xvoyeA1dSVUm6X5oLW9JjJl883/h3/REbZG6:ubqx0xEAoz6Qw88353OV

    Score
    10/10
    alienbotcerberusbankercollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

      bankertrojaninfostealeralienbot

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

      bankertrojaninfostealerevasionratcerberus

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Removes its main activity from the application launcher

      stealthtrojanevasion

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

      evasiondiscovery

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

      evasiondiscovery

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Queries account information for other applications stored on the device.

      Application may abuse the framework's APIs to collect account information stored on the device.

      collection

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks