General

  • Target

    c58cb2d542178830e7d1a52227116256

  • Size

    3.4MB

  • Sample

    240313-lpkkcaab71

  • MD5

    c58cb2d542178830e7d1a52227116256

  • SHA1

    741f00d6ea8150d2baa39f27ca74c867284f993b

  • SHA256

    59b0c482d02ef1211b936a329a99819f7c3c603808960b53eca558f293362c85

  • SHA512

    36461b81c8dbb3fd5e3ded0d948a58b0f61e96753d4525fa0ce7671bef62078aeb69a292ccbf65071394d7bbec3277a3cec257a892f253cc86558bcb1c6d5657

  • SSDEEP

    98304:4BoZZDIoNryzla4dBh1TL4bXmB4lAKW+PMTb721:4BoLIoYlHdBh1TLCXmB4l1Wr+1

Malware Config

Extracted

Family

alienbot

C2

http://34.141.27.218

Targets

    • Alienbot

      Alienbot is a fork of the Cerberus banker, first seen in January 2020.

    • Cerberus

      An Android banker that has been rented to actors since 2019.

    • Cerberus payload

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Requests enabling of the accessibility settings.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks