Extracted

• • Target

    d0f2acf0aecff42e9763f2259f9f4fc77ad8eba0661f20ec3492b5ef3227c208.bin

  • Size

    1019KB

  • MD5

    4c625d7f9fa621a2e84998a712e13975

  • SHA1

    0cd367cb14fb20669f996c5af5f33bef025de2a2

  • SHA256

    d0f2acf0aecff42e9763f2259f9f4fc77ad8eba0661f20ec3492b5ef3227c208

  • SHA512

    b1627d5037893aba7a534f6e1302927208092e33396116d03169f70ebc053fba684e324790c9ff9e8fed6f786c414fb9cd3bbcb1f4daa31572ec65e12da7c193

  • SSDEEP

    24576:IYpQPr+uSX8WovfLhVp+oW5nHB5mGtmo1uZGkDrpq:TpQPmMWov9VEZnHHmG8o1dQq

  Score

  10^/10

  ermacbankercollectiondiscoveryevasioninfostealerstealthtrojan

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac2 payload

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojan

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3