Extracted

• • Target

    cb27e4531fb2c11b30d7f149a5fdf6b802137b7bc04426dc27e089c6353ed3e2.bin

  • Size

    1.5MB

  • MD5

    caf8ce8f4987e423481b28b00587ab73

  • SHA1

    97845805f238b05440e6bc96421d01de5925668d

  • SHA256

    cb27e4531fb2c11b30d7f149a5fdf6b802137b7bc04426dc27e089c6353ed3e2

  • SHA512

    bcb265526f51135c2a3d5ad750abb0f0664cd121f3a45fd417793d8544e25655f4e9fe629b337f60c5440a9bf82b874a0022f1761064fd4fac5ac99338a4712c

  • SSDEEP

    49152:M5EIKco/5XVCHt0Ckhq2sFxYnSk/CL/n2a:MmIZo/5lCHtGhq2ksr/+2a

  Score

  8^/10

  bankercollectioncredential_accessdiscoveryevasionimpactpersistencestealthtrojan

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3