Extracted

• • Target

    cfa98092e5444350e718b24fe0fbfaa0aff4f4cb7073fd70a847ed829456b2c9.bin

  • Size

    762KB

  • MD5

    aa4a3fd710340e68ed4f2b005a1a89b4

  • SHA1

    d1f082207360acc5a63787f2640b3c2cb8be4128

  • SHA256

    cfa98092e5444350e718b24fe0fbfaa0aff4f4cb7073fd70a847ed829456b2c9

  • SHA512

    ff47edbcb5819a4cf31ac8f5c08d352df2a6ce9d6b11739244fd6e295211718497ffaea9e882fdb93ff7d8d6760862a4c542becf85e0c7d3be8a28775ac94279

  • SSDEEP

    12288:BpPMGa1a8LreJtlfJ7a5dAe5WmpYshXZPbGwidNpgG:BpUGa1a2eJHf52Ae5WmD9idNph

  Score

  8^/10

  bankerdiscoveryevasionpersistencestealthtrojan

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  behavioral1behavioral2behavioral3