Extracted

• • Target

    20bfd2b2466fad95b88cf5067b29a0dbabf5016ccbffbb3a672c7366b8ec7dfb.zip

  • Size

    3.8MB

  • MD5

    42d05c75286bcfaff3d1721d813f182b

  • SHA1

    e28b64dcfcd1f985e66557e9defa50893d3673e0

  • SHA256

    20bfd2b2466fad95b88cf5067b29a0dbabf5016ccbffbb3a672c7366b8ec7dfb

  • SHA512

    65cedc6f876bfd56b7dcc797cde5471a27aa5cdb83a1ed0e52265b5ba6b3e3a1a787587e1377f7cb4a5f51e45343a863493cbf07f25a57da0b5940f8638eac76

  • SSDEEP

    98304:btyuPe0dVqg8144bQimzLzBATc0tUSaKz:htGrg81lQNzKvDR

  Score

  7^/10

  bankercollectioncredential_accessdiscoveryevasionexecutionpersistenceimpactphishing

  • A potential corporate email address has been identified in the URL: [email protected]

    phishing

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Acquires the wake lock

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about active data network

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3