General

  • Target

    33cdbe122b9770036722663c25cf778b6480973d8acf03c5a926f1b8b4d27e03.bin

  • Size

    1.3MB

  • Sample

    240227-1wqghacf5z

  • MD5

    5086a26a597b08bcced09645ce779827

  • SHA1

    48c041273dfad4e45fd39bc998190586c6fbb23b

  • SHA256

    33cdbe122b9770036722663c25cf778b6480973d8acf03c5a926f1b8b4d27e03

  • SHA512

    9213ef314d1b65f2751e4d78e63d8e3051654c55d10217453fc2123fc31f34f428bca6dd180ad49914a72a35fd27da7e301b735d32179a96867d0191589c02cf

  • SSDEEP

    24576:aGTQvsnp/n891veoYJjrxBld7LMcnw6cmbDtz0uhuh1tzBozSkHdjDAg/OzfNNA:MCp/8912zJ/xBld7wcB3t/oDttDWAg/R

Malware Config

Extracted

  • Family

    ermac

  • C2

    http://94.156.8.245:3434

  • AES_key

Targets

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Removes its main activity from the application launcher

    • Acquires the wake lock

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Requests disabling of battery optimizations (often used to enable hiding in the background)

MITRE ATT&CK Mobile v15

Tasks