{
	"id": "cfd70daa-eeb2-4e81-93e3-d66bd00ce61d",
	"created_at": "2026-04-06T00:11:16.739713Z",
	"updated_at": "2026-04-10T13:12:36.612655Z",
	"deleted_at": null,
	"sha1_hash": "36bf22879228a6e8739ee99db683c231a5e74e64",
	"title": "alien_technical_analysis_report.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29962,
	"plain_text": "alien_technical_analysis_report.pdf\r\nArchived: 2026-04-05 15:50:08 UTC\r\nSida 3 av 26\r\n2\r\nIntroduction\r\nAlien malware was first introduced in MaaS (Malware as a Service) forums by a user named\r\nring0. The Alien pest appears to be an extension of Cerberus V1, according to ThreadFabric\r\nreports. It is estimated to have been developed by or separated from the Cerberus family as\r\nan alternative to the Cerberus pest, whose development was discontinued in early 2020.\r\nCerberus malware, which did not offer a major innovation in May 2020, added the ability to\r\nsteal information only from the Google Authenticator application, in addition to the previous\r\nversion. The code structure that performs this malicious operation is almost identical to the\r\nAlien malware that was released in February 2020. This similarity raises suspicions that the\r\ndevelopers of the Cerberus pest are related to the Alien developers.\r\nAlien malware of Android Banking Trojan type is more capable than ordinary Banking Trojan\r\nmalware. Alien malware has high-level capabilities such as transferring important\r\ninformation such as sms, contacts, call logs on the victim device to the remote server,\r\nexecuting commands from the C2 server, and reading incoming notifications.\r\nForum post\r\nSource: https://drive.google.com/file/d/1qd7Nqjhe2vyGZ5bGm6gVw0mM1D6YDolu/view?usp=sharing\r\nhttps://drive.google.com/file/d/1qd7Nqjhe2vyGZ5bGm6gVw0mM1D6YDolu/view?usp=sharing\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://drive.google.com/file/d/1qd7Nqjhe2vyGZ5bGm6gVw0mM1D6YDolu/view?usp=sharing"
	],
	"report_names": [
		"view?usp=sharing"
	],
	"threat_actors": [],
	"ts_created_at": 1775434276,
	"ts_updated_at": 1775826756,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/36bf22879228a6e8739ee99db683c231a5e74e64.pdf",
		"text": "https://archive.orkl.eu/36bf22879228a6e8739ee99db683c231a5e74e64.txt",
		"img": "https://archive.orkl.eu/36bf22879228a6e8739ee99db683c231a5e74e64.jpg"
	}
}