Extracted

• • Target

    4829477311b0acd4dddd9d127c29da97ed760eda4cdfea8854cb8af7d8f4657c.bin

  • Size

    1000KB

  • MD5

    5a283d9cf0877bcdb1522617d211208d

  • SHA1

    ceb77fac48d96a0c547344570120799c1ec1a6cb

  • SHA256

    4829477311b0acd4dddd9d127c29da97ed760eda4cdfea8854cb8af7d8f4657c

  • SHA512

    27f2c9d91860f7551bb3f380a10dd9cb755052b3bfcef7c665c75b5f94b9c315f7569afe260ae2a0fedc087e64dcec1b1ccf84c72a2e2d3cfd2d12358749b91d

  • SSDEEP

    24576:z9l+lhtHaoPqts+wyyMrtlwVKsQGg/i7oBcUS:hQlhVDPqqhylxltbGg/TxS

  Score

  10^/10

  ermacbankerevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    banker

  • Removes its main activity from the application launcher

    stealthtrojan

  • Requests enabling of the accessibility settings.

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3