Extracted

• • Target

    app.apk.apk

  • Size

    5.5MB

  • MD5

    a0d8a46bf254f3ab5475df954e051c4a

  • SHA1

    e462168dad636e41a672c8796b1bc2dae7ed3ef0

  • SHA256

    a4e6b5da2e3ff0aeba40b078e64e3062915cbbd243830078b1af5c419f9df3b9

  • SHA512

    eff19dd00daaeb28cc94c023fcba6edf5691be6a6485efc9b113bf89918eb4d117bea9277eaaa5f61dadb3bf25bd58fe13be121e30967ac3b9c93300feed1d69

  • SSDEEP

    98304:XgNNhKyNM+asG10Ob4aKRHOAvI/jJJr3mzPzB3T0W0tIJ2+h:XgNNfasy0ObRKRHFI/jJJ6zpmuV

  Score

  8^/10

  bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Acquires the wake lock

  • Legitimate hosting services abused for malware hosting/C2

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3