Extracted

• • Target

    Player.apk

  • Size

    3.7MB

  • MD5

    934d0d9425168fb975604dae2b93f000

  • SHA1

    410d06356d4417111adc21595fd34e8fac47b13b

  • SHA256

    b7869b123154eb461599a0b3f30fc18174787b0ed05a825d4371d54112de24b2

  • SHA512

    6bde86e6f731ab9cfbab91789817561d7ec48141811271a12bb33c0322025669c6ebde7a530a49e633719bcd4a438ed9efd67468d3a3865e2dd293e9318283ea

  • SSDEEP

    98304:uRW/t6GJtaDudtOBNkfmEnd/VgyMd+RDr/qrx5h:8WjnOB2f3ntMeDy

  Score

  10^/10

  alienbotcerberusbankercollectiondiscoveryevasioninfostealerratstealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus payload

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Checks CPU information

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery

  • Checks memory information

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Queries account information for other applications stored on the device.

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Requests enabling of the accessibility settings.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3