General

  • Target

    f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0.bin

  • Size

    317KB

  • Sample

    240417-1x8pgagf9v

  • MD5

    3560fa9200977ce6c2d93443d9ac0bfd

  • SHA1

    880d50db4f554d6de232d1c44241600b2fcc51c3

  • SHA256

    f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0

  • SHA512

    65ce833cdd8e3cc3632073d1914825b85c5d144cf8f30d4080bd3c870e5076a44d478aa36081c58cda0125eeedd86d69b5149dd4d1330dd73c60382d06173b6f

  • SSDEEP

    6144:u4TktnNxW+tIs00QxwE3+xvoyeA1dSVUm6X5oLW9JjJl883/h3/REbZG6:ubqx0xEAoz6Qw88353OV

Malware Config

Extracted

Family

alienbot

C2

https://81.161.229.185

rc4.plain
1
tycusvgndour

Extracted

Family

alienbot

C2

https://81.161.229.185

Targets

    • Target

      f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0.bin

    • Size

      317KB

    • MD5

      3560fa9200977ce6c2d93443d9ac0bfd

    • SHA1

      880d50db4f554d6de232d1c44241600b2fcc51c3

    • SHA256

      f73d07ab3f091ba4ee6d19843d228714d36074d331605de91d674cba7a8440e0

    • SHA512

      65ce833cdd8e3cc3632073d1914825b85c5d144cf8f30d4080bd3c870e5076a44d478aa36081c58cda0125eeedd86d69b5149dd4d1330dd73c60382d06173b6f

    • SSDEEP

      6144:u4TktnNxW+tIs00QxwE3+xvoyeA1dSVUm6X5oLW9JjJl883/h3/REbZG6:ubqx0xEAoz6Qw88353OV

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that is being rented to actors beginning in 2019.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Checks CPU information

      Checks CPU information which indicate if the system is an emulator.

    • Checks memory information

      Checks memory information which indicate if the system is an emulator.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries account information for other applications stored on the device.

      Application may abuse the framework's APIs to collect account information stored on the device.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.