Extracted

• • Target

    9a1ad89234fbe8a6ad1eca73c15e1e9f784b770d0f5c8cc8f7d025eeaea3e61b.bin

  • Size

    1.1MB

  • MD5

    e9742d2b7d663770ee70827b626c0cef

  • SHA1

    6b4c56d0c3a6b067049bf93964cbb7e463e312dc

  • SHA256

    9a1ad89234fbe8a6ad1eca73c15e1e9f784b770d0f5c8cc8f7d025eeaea3e61b

  • SHA512

    3cb4e259da3aebc31dbdcfca93c56a363a59c5671a6b6badf1e9c6a66dfacc8b3e4e9d71b2d3d83a7417cb62b3aebae5550076c3bb856794221c1583abeeec58

  • SSDEEP

    24576:UbChabE7bgPH3hqyGKb3lA1uojyw0ug/GRQG:UbChaA76sg3CuXJug/NG

  Score

  10^/10

  hookcollectiondiscoveryevasioninfostealerrattrojanbankerstealth

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Acquires the wake lock

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3