General

  • Target

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839.bin

  • Size

    3.2MB

  • Sample

    240213-1yx95abe36

  • MD5

    ba778123be2f17763bb14b3c96e89760

  • SHA1

    adde8ccb891b394619d8f49eb8f489b15037a833

  • SHA256

    076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839

  • SHA512

    fee7890ed63fa0b8a1f0a0e029302648873f81dcfd813382b9e6cd967295972eeff2973737d8432883d3c404d188fb73647ffd91cee7e8ee754bb79140aa61c2

  • SSDEEP

    98304:owN7yGv1Y8TxylMckA37rQe786qRi6mQHZ:owpyGo2pAEe789g6/HZ

Malware Config

Extracted

Family

alienbot

C2

http://34.89.218.199

rc4.plain

Extracted

Family

alienbot

C2

http://34.89.218.199

Targets

    • Target

      076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839.bin

    • Size

      3.2MB

    • MD5

      ba778123be2f17763bb14b3c96e89760

    • SHA1

      adde8ccb891b394619d8f49eb8f489b15037a833

    • SHA256

      076b91babd63b5714b4feee3c502fdc519095d9469aaf67ea5532fa9e7a2e839

    • SHA512

      fee7890ed63fa0b8a1f0a0e029302648873f81dcfd813382b9e6cd967295972eeff2973737d8432883d3c404d188fb73647ffd91cee7e8ee754bb79140aa61c2

    • SSDEEP

      98304:owN7yGv1Y8TxylMckA37rQe786qRi6mQHZ:owpyGo2pAEe789g6/HZ

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Cerberus

      An Android banker that has been rented out to threat actors since 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Checks Android system properties for emulator presence.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).
