General

  • Target

    beb41073bb04429078a1dc2b781ac6c47da3f34cfec7347bfa7a27ca29f02496.bin

  • Size

    4.9MB

  • Sample

    240223-1yspmshh34

  • MD5

    983411f142d382b114bd2f3b3242dfca

  • SHA1

    5658da4cbf643263788bc35b1f6225b314e04559

  • SHA256

    beb41073bb04429078a1dc2b781ac6c47da3f34cfec7347bfa7a27ca29f02496

  • SHA512

    9714c36b4e472170be06a48b5ca7900d2fbbc81d7dc7480f710e1fce87cc6134ca41460dad737d633a3a33098ba4655438a3a50027fa6dd7a85c88e45e553b05

  • SSDEEP

    98304:f41xY6ILqyZKQwtuKJ2JLSJKrBZ/S/G98ISGn50XYd5brdx+jWjrTuaKKMOB95a:x6lyZ7y/2mwHopodR3Pjrqa3MOf5a

Malware Config

Extracted

Family

alienbot

C2

http://buuc5x0r7x98fj40mg2x.xyz

Targets

    • Alienbot

      Alienbot is a fork of the Cerberus Android banker, first seen in January 2020.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15