alienbot

General

Target

fe4fdb9e61d011b7c5abb9202a23635fc17f7240b6135b5af33abbae948d52e7.zip
Size

1.3MB
Sample

250327-zhleyszmw3
MD5

13ca5e977f8501c3fe6adae70bc44940
SHA1

76559d207eb4daaa13d5acf95f34ec9c26769d66
SHA256

fe4fdb9e61d011b7c5abb9202a23635fc17f7240b6135b5af33abbae948d52e7
SHA512

0e038667a3b1c9e45fbf3cac403cfd8ce6c7a27f31965e8b5a54c3c6d777113cba1b3301ad9a727dba191b742c7e0b9845b2abd1a402a49c51a649612aa06989
SSDEEP

24576:TrCAXWeYOBlV5NPhlIMLpz3o1MXqGEhNak460cqWatKt6zNHPiNG9bqRunR+:TxG1czftl3oeXq1/zBqWatK4NH6E91nQ

Score

10^/10

Malware Config

Extracted

Family

alienbot

C2

http://alskdalksdlaksdjlaigpopoinojasg.info/

Targets

- Target
  
  25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9.apk
- Size
  
  1.4MB
- MD5
  
  7557a88cf8e930d33675a1cf2a3ca0f0
- SHA1
  
  dff8dd372f1d3137bb41820f89b67acecb7204c1
- SHA256
  
  25f8c85774f2c0cfb7122f2a1de2301498c70c239a42d0cd9399c904c22a35b9
- SHA512
  
  3d8214805293c47ed91b40653619396d1a82a9310a27c7979723a0f3b5d7d67c198802f534ba98ac882d5090c9913b7e930335edf13a7a4a658c8cdb9d4feed8
- SSDEEP
  
  24576:1p9ZisGtk5hudq5nS6uVA16rhWSEsKfTiVRGp4v97dxyDheGvYwWb7owcGgEKC9k:1pfJ3HYFlWF3fTiVRC4v95x8heLRozPP
Score

10^/10

alienbot cerberus banker collection credential_access defense_evasion discovery evasion execution infostealer persistence rat stealth trojan
- Alienbot
  Alienbot is a fork of Cerberus banker first seen in January 2020.
  banker trojan infostealer alienbot
- Alienbot family
  alienbot
- Cerberus
  An Android banker that is being rented to actors beginning in 2019.
  banker trojan infostealer evasion rat cerberus
- Cerberus family
  cerberus
- Cerberus payload
- Removes its main activity from the application launcher
  stealth trojan evasion
- Checks Android system properties for emulator presence.
  defense_evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection defense_evasion credential_access
- Queries account information for other applications stored on the device
  Application may abuse the framework's APIs to collect account information stored on the device.
  collection
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries the mobile country code (MCC)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  defense_evasion
behavioral1 behavioral2 behavioral3