Extracted

• • Target

    easy.apk

  • Size

    4.5MB

  • MD5

    2cb58ccb6461e4fe22bb22c0a5f78f9e

  • SHA1

    c3b7edb3536045d3b81ad53c10405f04cf63bb3b

  • SHA256

    67ea3d38bed6ccdaeb3d929edd5afed9b1563d284a291f96e5bfa1c440e1a6dc

  • SHA512

    7245bebb6d9ef67469c6e7ece51f7fd8c74642cf2be7dd3a6519fc1c2ac7d196628db6f773ab939cb4386c180546dfdf5be930e0a8e3981d066a62b25768a913

  • SSDEEP

    98304:X9Aa3ecc0RLn60fR/1pL2LtrTCqcXuJt+jMWdJQ:XCOx2tc5MWdJQ

  Score

  10^/10

  ermacbankerinfostealerransomwaretrojanevasionstealth

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac2 payload

  • Makes use of the framework's Accessibility service.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock.

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Queries the unique device ID (IMEI, MEID, IMSI).

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Removes a system notification.

    evasion

  • Uses Crypto APIs (Might try to encrypt user data).

    ransomware
  behavioral1behavioral2behavioral3