Extracted

Extracted

• • Target

    a43946e9c775ee011f2096fc3c6b214c9ff67120e7cc1fc65a871314c77667ea.bin

  • Size

    4.5MB

  • MD5

    b7b97cf97ff8613287235aa92073a011

  • SHA1

    cb865d41b36de015d18592ffc58e21fc678a9951

  • SHA256

    a43946e9c775ee011f2096fc3c6b214c9ff67120e7cc1fc65a871314c77667ea

  • SHA512

    cd194740bcaad2913d9e5b34e5066782cb239b60738f40cf437b6793404be09ab6c58dfce0927181a8d9dedd5528f545176d21a39c666656cf2b4e670c9fec6e

  • SSDEEP

    98304:2zb0xgao/PDnNCZVmorrJnGNBZqiOuKsVFh9B/9Q0/UN0rU/rWcFqDt:o02ao/LNCZVpXJ8bVXdvx1/UN0rUj1FO

  Score

  10^/10

  ermachookbankerevasioninfostealerratstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac2 payload

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings.

  • Acquires the wake lock

  • Reads information about phone network operator.

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3