Extracted

• • Target

    d21f723c8bead0ae5e14f525b0030f9466b1489b46a0e02a351574b533834f61.bin

  • Size

    3.9MB

  • MD5

    68cd0459b80e664b4c74736ca697eb4b

  • SHA1

    e8c10e3bc2511b4e641f5428af3c8bdda712e2d4

  • SHA256

    d21f723c8bead0ae5e14f525b0030f9466b1489b46a0e02a351574b533834f61

  • SHA512

    a141479702c4a73660f1d9c4579806bc77ea57a4f3365a260b6dd8edc06ac0dd4d5ad7620bc53da11e199e8b17740e3e62fcba3f7e0313380010ce1b33eaac1b

  • SSDEEP

    98304:KeeAnh7yLrED1C+wEOoOAb2JrDlrKr2/5/M9G4CWrBBx0qYpX:/nhArxZAb2JHJwhVFBVcX

  Score

  10^/10

  alienbotbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencetrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2