Extracted

• • Target

    f3268bde4497dfc3ddf1102373187bed157bd09acf8942783fa8b0b15a97b5b7.bin

  • Size

    1.3MB

  • MD5

    ea335cfb06458bc13d6ac33d5ca676cb

  • SHA1

    7b477b6eefd0392a887a4f83e508def7202b603c

  • SHA256

    f3268bde4497dfc3ddf1102373187bed157bd09acf8942783fa8b0b15a97b5b7

  • SHA512

    3b5ae2666e15ce773a505eb66958efcf7d8b6bc4e05cac5bc84a1e8acf19ffd75774d16b644963ceab52ba0045e7d0f85f670c96fa88c167313fd200c389a120

  • SSDEEP

    24576:TaYGLtDwVXoC0ezwGnc8Sa0i06mXa/LkwZC8df:+DLJwVXmkP06mXa/LkwZC8R

  Score

  10^/10

  ermacbankerevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3