Extracted

Extracted

• • Target

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf.bin

  • Size

    2.2MB

  • MD5

    419f7d6d8b520f40b0a5354a967f2629

  • SHA1

    6ee2d1771f0383e490c76b286e7aa56661add35d

  • SHA256

    64b9fcddb47dcd9aee6f23da3276b75fc675012a3190a3c73f23d0d36873f1bf

  • SHA512

    99191ef21e52f246b5999b76a3dc04a6aff5bfaea1ce3e8b7603e2193f58d505b8a124bf0092ad5ecc31c68e6b8ad5de7123b2c20a5c28f9fc98b833572294f4

  • SSDEEP

    49152:snGxY44448z+viV+0pKJxRbjEFQPVIHxXVxN2eCB/t9+CJxvBZZ1ceVHbQc/NceG:snquE+0p2RbjEFQPKHxXVxN2eCB1Jxv6

  Score

  10^/10

  alienbotcerberusbankercollectionevasioninfostealerpersistenceratstealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus payload

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests enabling of the accessibility settings.

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3behavioral4