Extracted

• • Target

    559c83195365a1c52b75e4a9eabb40de_JaffaCakes118

  • Size

    2.5MB

  • MD5

    559c83195365a1c52b75e4a9eabb40de

  • SHA1

    3c2420595c84e8e4d3ac8b3898c9457c0489d8f1

  • SHA256

    f648e74a8c207cc08da6a5f8a1e4db3975b1a579a23a21f32bc87ea3197e22b8

  • SHA512

    755bbc4de0a1ee32583eea8e80c8d8dd4e7936bd7dc8f5c60b275ffe34ba06bd827d73aa3e78380b38824dd3516c9cec9872eaededeef8379db49cba60e78bb1

  • SSDEEP

    49152:LllGApvtv4FSIB6d/PKAaUxOP6GAgv8X7YtdTbomR7lIKJ:h5tg5BYVabxv8+dvR5R

  Score

  10^/10

  alienbotcerberusbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistenceratstealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus payload

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3