General

  • Target

    90af46893399b32b248d34e08ec642026a48477f248c5c3f6c43951eb66b9b04.bin

  • Size

    4.3MB

  • Sample

    240401-1xz3bsgd3x

  • MD5

    ad917961fcd002cfac87b7f60c326b82

  • SHA1

    d2370a311205c367c06e84158995f9bc21c7291e

  • SHA256

    90af46893399b32b248d34e08ec642026a48477f248c5c3f6c43951eb66b9b04

  • SHA512

    1c622a6d3cbdab2febf3e70b763f72bec19a65598e8b302b297cbdd20916b22344738f50c87936eb33cc0b942c7fa921d0d386fc19dbf9d3eb4fc77f8d7b7243

  • SSDEEP

    98304:wOW+ZaAnVboJS4P/T/S9386jZ27hx1JNWjrVWn1wgvcxpr3aQ/:Hay0J6Stxkkn1wscXL/

Malware Config

Extracted

Family

alienbot

C2

http://wf4sctx9cksg94528o7o.xyz

Targets

    • Alienbot

      Alienbot is a fork of Cerberus banker first seen in January 2020.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Acquires the wake lock

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks