Extracted

• • Target

    671c4a8a4cb0d566471e3bc405db08daf9e47d1593014c8fb59fe3b136bcaace.bin

  • Size

    1006KB

  • MD5

    6353c4af6b6ddf9940884d2c38f38acd

  • SHA1

    1f1e736c59654d3f98aa24d5b1250f1abae12f57

  • SHA256

    671c4a8a4cb0d566471e3bc405db08daf9e47d1593014c8fb59fe3b136bcaace

  • SHA512

    6d4b5c4e36b17fc5201292404b3d012be495d2040a60af4987f21b90c34a77f58553f12f3945077c371778b0feb7d85c51eae271866742921373721e3cfcd4e7

  • SSDEEP

    24576:vmmpWhJwuI9QgMprkJ0qEbRCxCnCiCmCVCUCZCGCxCzHaWgx:vmpJbAQX3RcqTLQFErsAHaX

  Score

  10^/10

  ermacbankerevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3