Extracted

• • Target

    8e7477bedc4719ba7e16b36d855003344822954c6963511625e6a740eea11650.apk

  • Size

    662KB

  • MD5

    6a006852e82627d329d50d088243158e

  • SHA1

    dba0c779f195690315e45a9efc941caa0232afdb

  • SHA256

    2c054cac2457e115bfd419be7ccecff5feba17a974e1a65b1b5a94129ec4d80f

  • SHA512

    537e0af67153ce92a1f9016e919b57fbebe7062d1fd098c375b5a5384174f16c974cd4c489028f7ab0afefb206d5564e7b663685cbc5ef944994673a7d2b1896

  • SSDEEP

    12288:FDOl+dl8W7FaigCPnOuj/8KmC/ab5KbA7criWQX2xpJd9c:FDe+UW7Fpv+KR/aVK07q/QmxpJd9c

  Score

  10^/10

  alienbotbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojanimpact

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Prevents application removal

    Application may abuse the framework's APIs to prevent removal.

    evasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Checks CPU information

    Checks CPU information which indicate if the system is an emulator.

    evasiondiscovery

  • Checks memory information

    Checks memory information which indicate if the system is an emulator.

    evasiondiscovery

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the mobile country code (MCC)

    discovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Registers a broadcast receiver at runtime (usually for listening for system events)

    persistence

  • Acquires the wake lock

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Schedules tasks to execute at a specified time

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  behavioral1behavioral2behavioral3