Extracted

• • Target

    1236be7fd1385b2543205404d96f37bded28a626d27d1e0a1dd4c570ef6dd2ad.apk

  • Size

    311KB

  • MD5

    c86f20dc93c1d5427ae149ce89e764d2

  • SHA1

    c0f961ba8df77cfe6848b6679b94f398bf2e5053

  • SHA256

    1236be7fd1385b2543205404d96f37bded28a626d27d1e0a1dd4c570ef6dd2ad

  • SHA512

    d8a283b5a5225ddfac96c1be5c21ea90b32df70d5639392c8afbc20d675f838459fe0aa428baf7db7b44beab28006df8801d700190351ae28b12e738acc588aa

  • SSDEEP

    6144:x19xxvzXZYfrhtyjHpj1V6HGdVDse3U0ls6yiAZ4oFT8A9K9LhRFYwbOh4hZm:Rxxv5jHRSmdJse3UiBgTR9K9LnFYwb8/

  Score

  10^/10

  alienbotcerberusbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistenceratstealthtrojan

  • Alienbot

    Alienbot is a fork of Cerberus banker first seen in January 2020.

    bankertrojaninfostealeralienbot

  • Alienbot family

    alienbot

  • Cerberus

    An Android banker that is being rented to actors beginning in 2019.

    bankertrojaninfostealerevasionratcerberus

  • Cerberus family

    cerberus

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Queries account information for other applications stored on the device

    Application may abuse the framework's APIs to collect account information stored on the device.

    collection

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    defense_evasion

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3