Extracted

• • Target

    62395f9a8e80a24ae915d9b24c4d5c47c0af1cd0c590982cb4c2ee233f6e6d90.bin

  • Size

    913KB

  • MD5

    997a6f8d6b6eb9e196ce39573af35fcc

  • SHA1

    b4723ef1319a9a9c44d06e0536f35ad2d7c0a4ba

  • SHA256

    62395f9a8e80a24ae915d9b24c4d5c47c0af1cd0c590982cb4c2ee233f6e6d90

  • SHA512

    e0964dc987e54e5165cdb7ba7d7cdcdd1ec68925a7e745c97a9d998ba2d47099e5352a9761cf978449294bbb449cfc17fc5d38b3994489b82bed9dfd418636ff

  • SSDEEP

    12288:Oq4M7S/hdbOWVTmrAVPBqzf8d7ZRTBzDGX33xeoX3dJweYrVQgA4qD55j:ON/rNVTmrAVp+8d7x2B9JcJQg/C5j

  Score

  10^/10

  ermacbankercollectiondiscoveryevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojan

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3