Extracted

• • Target

    331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806.bin

  • Size

    4.1MB

  • MD5

    144ecbe7fe5f52577163493160d3d9a8

  • SHA1

    4a7345612480c4d01f158cabc73d204f6d5bcc25

  • SHA256

    331e239de166370ab59ae9715b8883ed6bbb642e721bd99854532b96d5b97806

  • SHA512

    612db01f4724d05b1cf1fc771b6e96094ebe4aa3879f51151b94e5ea0b3d785f8e97df30a27a2bfc29364c57a385d92d79a11550cc15ddaf0c8b83274fa6d91b

  • SSDEEP

    98304:ZZL4xaxIGqxrZuK1LO6JLSJKr5n/W/A9hVqP2CXyQMbEaE1lNKCCfs:juai7xrwWTmw51g+CdM0vNlCs

  Score

  10^/10

  alienbotbankercollectiondiscoveryevasioninfostealerpersistencestealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Checks CPU information

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery

  • Checks memory information

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries account information for other applications stored on the device.

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2