Extracted

Extracted

• • Target

    4700a4e1f24f2d74a1d66f82ad12bd87f190756cfcf815c3e21b6c6282e0d0c3.bin

  • Size

    2.4MB

  • MD5

    ef93ba12fecfa1420fa8eef85e79564d

  • SHA1

    50c1a8eb6fdc3f7233ba705ffca1e5ae30c9d83e

  • SHA256

    4700a4e1f24f2d74a1d66f82ad12bd87f190756cfcf815c3e21b6c6282e0d0c3

  • SHA512

    bc63552ef3830616723d3665330b96f54ca19995139fc4bf480acba2a7ede4a5d4ceba5350503d13a8245cbef9eb4651f9079496e9d6000fdbbc24074509f5b8

  • SSDEEP

    49152:x5R6B8ocgwMdPFn2k637nHEHgC1HrylbQlDaf5rMyObPEjA6:x5RJs3VFornHTC1HK6OfeVPEjA6

  Score

  10^/10

  xenomorphbankercollectioncredential_accessdefense_evasiondiscoveryevasionimpactinfostealerpersistencetrojan

  • Xenomorph

    Xenomorph is an Android banking trojan that is seemingly tied with AlienBot.

    bankertrojaninfostealerxenomorph

  • Xenomorph family

    xenomorph

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Reads the content of SMS inbox messages.

    collection

  • Reads the content of outgoing SMS messages.

    collection

  • Acquires the wake lock

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery
  behavioral1behavioral2behavioral3