Extracted

• • Target

    6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708

  • Size

    4.5MB

  • MD5

    9be332949fff5d1c9492c2c93f12aced

  • SHA1

    98ff85cb039c913aa902669b12207ca9db938aba

  • SHA256

    6da8e49d8e083ec705985effa03cdb60cdd736f04ed711211b2a3842c815a708

  • SHA512

    c0d4214a75015f3b44c14f9fa6ac60efee8a6dd0e6fda0295b5a337021451ca5d2ecca34bf78cd9ca1edf0bc71ab7d1f0f10e2bcd0d6c9afdb82dc856bb7c958

  • SSDEEP

    98304:BPGInkqO49d7I/ckRh8HVQtstir0D0eVD0ND0gD0EnD0nAzD0rD0ED0/cTf:B+Ikc5I/cLCWD/DcD9DRDCuDiDlDKcT

  Score

  7^/10

  bankercollectioncredential_accessdiscoveryevasionpersistenceimpact

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Requests accessing notifications (often used to intercept notifications before users become aware).

    collectioncredential_access
  behavioral1behavioral2behavioral3