Extracted

• • Target

    e663336fe730e52c815c88efe49f06db59713318b6d81290f519a7d7a1b172e9.bin

  • Size

    3.7MB

  • MD5

    c6e0e4ad1e47af7f0fcc8895356eba73

  • SHA1

    c39ea9e310922896844be874b07e7a2ff46b6efa

  • SHA256

    e663336fe730e52c815c88efe49f06db59713318b6d81290f519a7d7a1b172e9

  • SHA512

    cd70b13ce5d4efaad5227b5431e45aa282dcb9a38b4dd3e7ac31c7f1f031209c8181045a0e8d2e55a309ca0afea5d020b94f13ff4536722c4f78b792829956cc

  • SSDEEP

    98304:/lAeJKStt0eT0euXWBihqPCbAk6HlBJNng/H:9KSt+taPiAk6HlBJ6/H

  Score

  10^/10

  ermacbankercollectionevasioninfostealerstealthtrojandiscovery

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac2 payload

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3