Extracted

• • Target

    89483eb024e0ef407ed654efd45527390b51559453473fa388357216c38d0979.bin

  • Size

    3.7MB

  • MD5

    ff065ca5e98ea4d5b8ace14c1fdc9471

  • SHA1

    333f5d5aae17366685ed3783a81bf7bf888bbc54

  • SHA256

    89483eb024e0ef407ed654efd45527390b51559453473fa388357216c38d0979

  • SHA512

    de2787aaa37d5e13bfb76ff5f1e6aa770fbd5e37d1161bce848193925ae33ec3901e01083f7affa6a642b0c03ffbfb42054219ca6a06ee66fdc566cd0a5eb9ab

  • SSDEEP

    98304:hX0jXcKay8gfBYLdWfQhln9o/5//9v5BngNFTUgIwrLlg/m1Va4k3hAxU:4Xc88AYLdWq9GXBng3swfAm1ED2U

  Score

  10^/10

  alienbotbankercollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencestealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries the mobile country code (MCC)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2