Extracted

• • Target

    0557ff10b41ff7e0e13098b7496d000d9c4d902aaee6c502a91e3e2d8c83c120.bin

  • Size

    1002KB

  • MD5

    f020794ea7abcfe7d5c01f0fbb1fb49b

  • SHA1

    9dad4b57a54ec8d9117fce8d43c75d668763239c

  • SHA256

    0557ff10b41ff7e0e13098b7496d000d9c4d902aaee6c502a91e3e2d8c83c120

  • SHA512

    5b9a5e9d224ad93ca055af3653fa3aaea0444245018c21ca39e61e5fbf2affa08428d8f1ad404e1d96f90b3ae8a79a59cf27100fd5747c37c0391698f40fa87e

  • SSDEEP

    24576:3VYvQAFuo0h14f+P228JDKcd8Wd8wd8/d87d8+d8ld8Od8bd8id8Z7B:uFun4fqt

  Score

  10^/10

  ermacbankerevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    banker

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3