Extracted

• • Target

    dcc65f578fb635be7eabc054d7a34d5fc7c8e089d4b04d99e8376c99bbdc96d4.bin

  • Size

    1002KB

  • MD5

    d93d606967a9022309a48d11f24e90e8

  • SHA1

    2420298b831dd48ba0edbefa98ead27cbb6d0fb0

  • SHA256

    dcc65f578fb635be7eabc054d7a34d5fc7c8e089d4b04d99e8376c99bbdc96d4

  • SHA512

    392a05c713763b0310b6b7babd2731c1b26dffd45f1ea399541ee30dcf759e1f94c5c820264e6027202bee870b649f87c2dd8b54a4511b0c504187407df30047

  • SSDEEP

    24576:0A8I2eBvyQnP5v6oFk/h4ffa/pUnZBG5d89d8nd80d8Ed8Vd8ad8Fd8kd8Bd8oah:E1gyk5vJ44fkxh

  Score

  10^/10

  ermacbankercollectionevasioninfostealertrojandiscovery

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Acquires the wake lock

  • Queries the unique device ID (IMEI, MEID, IMSI)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3