Extracted

• • Target

    ea911124defd4bf8d63aba29b0a04ed9_JaffaCakes118

  • Size

    4.3MB

  • MD5

    ea911124defd4bf8d63aba29b0a04ed9

  • SHA1

    de6bdb3f1153e95fbf3b4aff904616ff8340e681

  • SHA256

    dad6cdcd782dc3daf5cf1dbdd82c58336af18b33a87be3f19b0833e547fe90a5

  • SHA512

    1458992047473bdb3aed2e1db675495a2924e70d8ff087e487d140ffaa46c0bec78c0d30f96a24eba4aa09bfce81230e531af817e2ff5332bfe8b60e365a7cd0

  • SSDEEP

    98304:qdK5aHKd+5ZEy/U8cZID5oLO50zISGdo/vIlZPB2S/kP8:2qdry88cm1ELmkvIlZPB258

  Score

  10^/10

  alienbotbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Checks CPU information

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery

  • Checks memory information

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries account information for other applications stored on the device.

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2