Resubmissions

27-07-2022 07:51

220727-jp2shsfcb5 10

21-07-2022 12:06

220721-n9qm7sfgdq 8

General

  • Target

    36.apk

  • Size

    2.2MB

  • Sample

    220727-jp2shsfcb5

  • MD5

    366134f007de0bede5afb773774c4064

  • SHA1

    62bec235f1067baf34a0d0b93dfb63e554e65071

  • SHA256

    739d83c8ca63e674d56bc4c6024eac790d66d460c27437f47009fed834d47feb

  • SHA512

    11b8f919c2a2b92d3e8d48a4f586bf5c13123e976bb4980372f80d57bf43b65e8fdd04e69f4cd1c3a293da58c69cc7d4a0fcc4b4cdb5fa4f521f54a0011caa1a

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.118:3434

AES_key

Targets

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Ermac2 payload

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks