General

  • Target

    7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e

  • Size

    2.1MB

  • Sample

    231220-czleysbfd7

  • MD5

    8d87534c81183f667ebae7692fe1f6f2

  • SHA1

    d9c1722b76094fbf0b7d2b0cdedc48e21e0e23c8

  • SHA256

    7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e

  • SHA512

    09929777ea6cc452eaf35a937f9f92efd83d4d7c9f706ee67587e0193a531a882870bc6b91b5c7498e8e15ec07eb832c5881fff7bdc53273fe1054441a94cb10

  • SSDEEP

    49152:MXZryfKnpo9UxQABmHfsyP+tNCxeE+yGJuyDh86xmdQgRwzl3M:Mprzn+QRm/syP+t8xOyGQyN86YQjM

Malware Config

Extracted

Family

alienbot

C2

http://ukalasey.com
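To turn the indicators above into something a responder can act on, the following Python, added here and not part of the sandbox report, validates the hash set for internal consistency (the Target identifier should equal the SHA-256), compares a file in hand against it, and renders a YARA rule from the SHA-256 and the C2 host name. The IOC values are copied from this report; the bytes used in the self-check are constructed stand-ins, not the real APK, and the rule name is an assumption.

```python
"""Check a file against the report's hash set and emit a YARA rule.

Added example, not part of the sandbox report. The IOC values are copied
from the report; the sample bytes used in the self-test are constructed
here and are NOT the real sample.
"""
import hashlib
import re

# IOCs copied from the report above (General / Malware Config sections).
REPORT_IOCS = {
    "target": "7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e",
    "md5": "8d87534c81183f667ebae7692fe1f6f2",
    "sha1": "d9c1722b76094fbf0b7d2b0cdedc48e21e0e23c8",
    "sha256": "7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e",
    "sha512": "09929777ea6cc452eaf35a937f9f92efd83d4d7c9f706ee67587e0193a531a88"
              "2870bc6b91b5c7498e8e15ec07eb832c5881fff7bdc53273fe1054441a94cb10",
    "c2": "http://ukalasey.com",
}

# Expected hex-digest lengths for the algorithms the report lists.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs):
    """Sanity-check the report: each digest is lowercase hex of the right
    length and the 'target' identifier is the SHA-256 of the file.
    Returns a list of problems (empty when the record is consistent)."""
    problems = []
    for alg, length in HEX_LEN.items():
        value = iocs.get(alg, "")
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            problems.append(f"{alg}: expected {length} hex chars, got {value!r}")
    if iocs.get("target") != iocs.get("sha256"):
        problems.append("target identifier does not equal sha256")
    return problems


def digest_all(data):
    """Compute the four hashlib digests the report lists (SSDEEP needs the
    external 'ssdeep' package and is omitted here)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def compare_sample(data, iocs):
    """Return {algorithm: matched} for a file's bytes against the report."""
    computed = digest_all(data)
    return {alg: computed[alg] == iocs[alg] for alg in HEX_LEN}


def yara_rule_from_iocs(iocs, name="alienbot_ukalasey_sample"):
    """Render a YARA rule (uses the real 'hash' module) that matches the
    exact file by SHA-256, or any file embedding the C2 host name.
    The rule name is an assumption, not taken from the report."""
    host = re.sub(r"^https?://", "", iocs["c2"]).rstrip("/")
    return "\n".join([
        'import "hash"',
        "",
        f"rule {name}",
        "{",
        "    meta:",
        '        family = "alienbot"',
        f'        c2 = "{iocs["c2"]}"',
        "    strings:",
        f'        $c2 = "{host}" ascii wide nocase',
        "    condition:",
        f'        hash.sha256(0, filesize) == "{iocs["sha256"]}" or $c2',
        "}",
    ])


if __name__ == "__main__":
    print(validate_iocs(REPORT_IOCS))  # [] when the report is internally consistent
    stand_in = b"constructed stand-in bytes, not the real APK"  # constructed input
    print(compare_sample(stand_in, REPORT_IOCS))  # all False for the stand-in
    print(yara_rule_from_iocs(REPORT_IOCS))
```

Point `compare_sample` at the bytes of the file you actually received; a full match on every algorithm confirms you are looking at the sample this report describes, while a mismatch on any one of them means a different build or a corrupted download, and the report's behavioural findings should not be assumed to carry over.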

Targets

    • Target

      7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e

    • Size

      2.1MB

    • MD5

      8d87534c81183f667ebae7692fe1f6f2

    • SHA1

      d9c1722b76094fbf0b7d2b0cdedc48e21e0e23c8

    • SHA256

      7de0af643b9888e7f2f9009b1d40d9b8bb445b343db5d30c608c0dec3b25311e

    • SHA512

      09929777ea6cc452eaf35a937f9f92efd83d4d7c9f706ee67587e0193a531a882870bc6b91b5c7498e8e15ec07eb832c5881fff7bdc53273fe1054441a94cb10

    • SSDEEP

      49152:MXZryfKnpo9UxQABmHfsyP+tNCxeE+yGJuyDh86xmdQgRwzl3M:Mprzn+QRm/syP+t8xOyGQyN86YQjM

    • Alienbot

      Alienbot is a fork of the Cerberus Android banker, first seen in January 2020.

    • Cerberus

      An Android banker rented out to threat actors since 2019.

    • Cerberus payload

    • Makes use of the Android framework's Accessibility service

      Reads the content displayed on the device screen through an AccessibilityService, the capability that lets an app observe other apps' UI.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Loads and executes a Dex/Jar file that was dropped to the device during analysis.

    • Requests exemption from battery optimizations (commonly used to keep running unnoticed in the background).
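The signatures above are behavioural, observed while the sample ran in the sandbox. The following Python, an added example that is not from the report or from the malware, shows the static counterparts a triager would check in a decoded AndroidManifest.xml and in decompiled source: an AccessibilityService declaration, a launcher activity together with the setComponentEnabledSetting call that disables it, DexClassLoader-style loaders for dropped code, and the REQUEST_IGNORE_BATTERY_OPTIMIZATIONS permission or intent. The manifest and source snippets are constructed inputs, not material from the sample analysed here.

```python
"""Static triage for the behaviours the report flags: accessibility abuse,
launcher-icon hiding, dropped-Dex loading and battery-optimisation bypass.

Added example, not from the sandbox report or the malware authors. It inspects
a decoded AndroidManifest.xml plus decompiled source text; both inputs below
are constructed stand-ins, not material from the real sample.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(el, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def triage_manifest(manifest_xml):
    """Return manifest-level findings for the report's signatures."""
    root = ET.fromstring(manifest_xml)
    perms = {_attr(p, "name") for p in root.iter("uses-permission")}
    findings = {
        # Asking to be exempted from Doze lets the app keep running in the background.
        "requests_battery_opt_exemption":
            "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS" in perms,
        "accessibility_service": False,
        "launcher_activities": [],
    }
    for svc in root.iter("service"):
        # An AccessibilityService is declared with this permission and intent
        # action; bankers use it to read what other apps show on screen.
        actions = {_attr(a, "name") for a in svc.iter("action")}
        if (_attr(svc, "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
                and "android.accessibilityservice.AccessibilityService" in actions):
            findings["accessibility_service"] = True
    for act in root.iter("activity"):
        actions = {_attr(a, "name") for a in act.iter("action")}
        cats = {_attr(c, "name") for c in act.iter("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            findings["launcher_activities"].append(_attr(act, "name"))
    return findings


# Framework API names whose presence in decompiled code matches the signatures.
CODE_PATTERNS = {
    # Disabling its own launcher activity is how an app removes its icon.
    "hides_launcher_icon": r"setComponentEnabledSetting\s*\(.*COMPONENT_ENABLED_STATE_DISABLED",
    # Loading a Dex/Jar at run time (the Cerberus payload arrives this way).
    "loads_dropped_dex": r"\b(DexClassLoader|InMemoryDexClassLoader|PathClassLoader)\b",
    "requests_battery_opt_exemption": r"ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
}


def triage_code(source_text):
    """Return {signature: matched} for decompiled source text."""
    return {k: re.search(p, source_text, re.S) is not None for k, p in CODE_PATTERNS.items()}


def triage(manifest_xml, source_text):
    """Combine manifest and code findings into one verdict per signature."""
    m = triage_manifest(manifest_xml)
    c = triage_code(source_text)
    return {
        "accessibility_service": m["accessibility_service"],
        "has_launcher_activity": bool(m["launcher_activities"]),
        "hides_launcher_icon": c["hides_launcher_icon"],
        "loads_dropped_dex": c["loads_dropped_dex"],
        "requests_battery_opt_exemption":
            m["requests_battery_opt_exemption"] or c["requests_battery_opt_exemption"],
    }


# Constructed inputs (not from the real sample) that exercise every signature.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dropper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".ScreenReader"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

SAMPLE_SOURCE = """
pm.setComponentEnabledSetting(new ComponentName(this, MainActivity.class),
    PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
ClassLoader cl = new DexClassLoader(dropped.getPath(), odex, null, getClassLoader());
"""

if __name__ == "__main__":
    for signature, hit in triage(SAMPLE_MANIFEST, SAMPLE_SOURCE).items():
        print(f"{signature:32} {hit}")
```

The dropper's own manifest and code may show little beyond the loader, because the Cerberus payload arrives as the dropped Dex/Jar; run the same checks against the payload recovered from the sandbox. String matches are heuristics and are defeated by reflection and string encryption, which is why the dynamic signatures in this report remain the stronger evidence.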
