alienbot

General

Target

a980d19749ab96030c966cbb9980bbb7cc4dd1b3c6f272ea98d2c4516a7a508c.zip
Size

2.6MB
Sample

250327-a13draxmz6
MD5

32dedcfce5f4bcec8e2173cabd9164c5
SHA1

acbb71da02690f4838e39486dfffc5f6b2daa3df
SHA256

a980d19749ab96030c966cbb9980bbb7cc4dd1b3c6f272ea98d2c4516a7a508c
SHA512

6fbefdee78e95358192ff5c8b73a5120a66dfb943a74944ebc721d4cdc6b5609f09dfadc23760d2b38e5c7b594b6a64ded48accd1bd4132cf66a92a53c24b496
SSDEEP

49152:UoNw5Yw2xNcG6J3kVyNq27HYQ0RUN/LW4w5fGe9Tyt4KodSaP6OobY2w1Sh:7IYzxaGPyw2jYQ0WW4w5ee1yYc5B7qG

Score

10^/10

Malware Config

Extracted

Family

alienbot

C2

http://buralarneler.com

Targets

- Target
  
  8d4ba01befd0bb33459d7232c376cfb036c68857433ecc05a3f127b8edd64a66.apk
- Size
  
  2.6MB
- MD5
  
  a55df1afefc9562dca22c6befa00003b
- SHA1
  
  50616944bb194cb4f82dc28cd53c9dd4ca6f66f4
- SHA256
  
  8d4ba01befd0bb33459d7232c376cfb036c68857433ecc05a3f127b8edd64a66
- SHA512
  
  38e2c410c5ac6b1dc2d91c1fddec77dd9a374c0f6e090dc460c1819a78d7693846264982eccab90c0b6e73d874e916c3022c813d05c1fa7542f3ddaa45948833
- SSDEEP
  
  49152:QwaTYBSLms8ge13jrI4c17HiFdnyx4I/+Usf6r4+rRf3VKnZNe9:zaTBiamIbmy6I/+U8wLt3UZc9
Score

10^/10

alienbot cerberus banker collection credential_access defense_evasion discovery evasion execution infostealer persistence rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Alienbot family
  alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Cerberus payload
- Removes its main activity from the application launcher
  stealth trojan evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1 behavioral2 behavioral3