General

  • Target

    Photo.apk

  • Size

    2.9MB

  • Sample

    230204-23hwnsfa43

  • MD5

    e70f15ca7e19c14196bb425fd8aeedf4

  • SHA1

    94c8a326b85d54d133dd8c981bcb25ea025a0500

  • SHA256

    c5b5258fd53888100d21f69181f8f84643fd76a03343570c9aeb9f9ac4b9ad08

  • SHA512

    36c6eb15c3b13e378666e3d36e94bdea977988914d17106b11af06cec6066fc585aa572d9f4546c5e43ed2ce50f7e39785831bef3526e5b1cb7a8a5a30a3acf9

  • SSDEEP

    49152:B7MG0Eg88ZOr4fVdhsF+dL8loJ0VWZ5+9GrHV4:xMX88ZI1CDHV4

Malware Config

Extracted

Family

ermac

C2

http://176.113.115.66:3434

AES_key

Targets

    • Target

      Photo.apk

    • Size

      2.9MB

    • MD5

      e70f15ca7e19c14196bb425fd8aeedf4

    • SHA1

      94c8a326b85d54d133dd8c981bcb25ea025a0500

    • SHA256

      c5b5258fd53888100d21f69181f8f84643fd76a03343570c9aeb9f9ac4b9ad08

    • SHA512

      36c6eb15c3b13e378666e3d36e94bdea977988914d17106b11af06cec6066fc585aa572d9f4546c5e43ed2ce50f7e39785831bef3526e5b1cb7a8a5a30a3acf9

    • SSDEEP

      49152:B7MG0Eg88ZOr4fVdhsF+dL8loJ0VWZ5+9GrHV4:xMX88ZI1CDHV4

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Ermac2 payload

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs executable file dropped to the device during analysis.

    • Queries the unique device ID (IMEI, MEID, IMSI).

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).
