alienbot

General

Target

1ec1447072bc44345979229d7d97b0156b85cbda3e6720e817af1be76ad27153.zip
Size

3.5MB
Sample

250325-nlewssvyav
MD5

4332b7ee6f453362c1d470bc805922a4
SHA1

b98282033796dde4105e007f8c72a9a0e990c9c0
SHA256

1ec1447072bc44345979229d7d97b0156b85cbda3e6720e817af1be76ad27153
SHA512

86fea4ced9b62d97eb37d3ce7f795b0624c2c1958f597f5cd45bac59f74d3862c8a4d4156f0312228c05f0ef82e5cb12756c8ede519d76df823984afa499de3c
SSDEEP

98304:THHWfQaHr8tLvr1XOCZfL3enj/FDW1an9X3khpjWVkcg:Sfxr0vroCMn741Wp3kTjekcg

Score

10^/10

Malware Config

Extracted

Family

alienbot

C2

http://ototmootot.com

Targets

- Target
  
  e3ae7cb2eaa532da35412d2d96ec08b02a907678f18518c9e7d3dd59ddd96e67.apk
- Size
  
  3.6MB
- MD5
  
  dea978d07ac311a6e5c98704c01c95c5
- SHA1
  
  2443f8e9795088d7277524cef6be6497ca4bc6da
- SHA256
  
  e3ae7cb2eaa532da35412d2d96ec08b02a907678f18518c9e7d3dd59ddd96e67
- SHA512
  
  c93800347bac73550477cdf5258bac1d760e2ddbf8b3608c2fd71c3b8e0d5f93f48d9decfe529c3b89fb07485c56f04dfc83007dd094803379aa8f61a98a47cf
- SSDEEP
  
  98304:gvyRCRRxztr0ic/XDL1J+jBphNAtDShEhV693xz:g6KLByH1ipDApSh069Bz
Score

10^/10

alienbot cerberus banker collection credential_access defense_evasion discovery evasion execution infostealer persistence rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Alienbot family
  alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Cerberus payload
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks Android system properties for emulator presence.
  defense_evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1 behavioral2 behavioral3