Extracted

• • Target

    e42988084f6d064c900d922f374a33fdbbefa14fd420ce1df1d5d632b851f560

  • Size

    3.6MB

  • MD5

    a7800a5e355a0adc53c6ebcea6fa9a08

  • SHA1

    f3da3c9707625acb37971452262b158739e243c5

  • SHA256

    e42988084f6d064c900d922f374a33fdbbefa14fd420ce1df1d5d632b851f560

  • SHA512

    0d24cb353da3b942a43ea6fe35f55febc3254fa64062cac4c9c1afb43cbaf6318f7c5fdde63c276aeadabb0e4ef5db8a8e9dba80dca8ea9d36b4f08a28413330

  • SSDEEP

    98304:llhFH/oe6k2esxFH/6KbMCv/XEB6NFOw2Ycb9fP:xqE2BxFCK4w/XqwV2Yc5X

  Score

  10^/10

  alienbotcerberusbankerevasioninfostealerratstealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus payload

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3