General

  • Target

    e5a0857c9019f76e58ffa81be06213937bf6301209ae92d244b3e4cf1f8aa33b.zip

  • Size

    11.4MB

  • Sample

    241106-eem46atgqd

  • MD5

    963e4533c3dc3510c4e6b7e4dacf58fb

  • SHA1

    3c129103e5c300ab9c74cb9516f1771b62b7787d

  • SHA256

    e5a0857c9019f76e58ffa81be06213937bf6301209ae92d244b3e4cf1f8aa33b

  • SHA512

    d5324f8c46c69f07c54c820ce39ab56497a480e17d83cf9786e84062a70a17e08ee16e3ee0f4620ad153c6821bd362a56613afb8f3d5a1099a12bf8abd6d69a8

  • SSDEEP

    196608:GjAW4HuA1txzG1+qMrYdGdpj8S/RkwDahSMPyI4FTKvJm:ad3A1nn/cds9RkwG3axIQ

Malware Config

Extracted

Family

spynote

C2

subxyz.duckdns.org:7771

Targets

    • Loads dropped Dex/Jar

      Runs an executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent its removal.

    • Queries information about active data network

    • Queries the mobile country code (MCC)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks