General

  • Target

    025e03b86cc4ba86493846f520b54cad.bin

  • Size

    1.9MB

  • Sample

    230913-bcqwgsbc86

  • MD5

    025e03b86cc4ba86493846f520b54cad

  • SHA1

    e7bf5eade97621895df0b9c72d69928feeee9c93

  • SHA256

    7e8a66852594a9789e1db2580dd5ed3a5be74684f2fd121a75e38f3a4954beab

  • SHA512

    99d226b342556d6e5a2d7edf8b42164c91648cd1ebb77eddd34307ca7d8a58be6ecc2c7d3530f24993f927249fd14b09d81212da8e5e0a2b768488377ed3ee8d

  • SSDEEP

    12288:R5wwCuRnMIzwCbnLlG+rWwEfW+l5Wc7Xn45:RAsMIzwCbLlG3PfWJc7Xs

Malware Config

Extracted

Family

spynote

C2

fee-harmful.gl.at.ply.gg:0.tcp.sa.ngrok.io:41934:18968

Targets

    • Target

      025e03b86cc4ba86493846f520b54cad.bin

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Legitimate hosting services abused for malware hosting/C2.

    • Removes a system notification.
