General

  • Target

    2d47cd1ab3e1438bd6fbe17c5bd1cb055723ac20250943e9dc562ccf8d564eb2.bin

  • Size

    760KB

  • Sample

    250116-1xbpqs1lcz

  • MD5

    90dd43a62b1e8b6e126d744d52d9d665

  • SHA1

    af2471acbf7f80eb79d8b966c8d97be7cb590205

  • SHA256

    2d47cd1ab3e1438bd6fbe17c5bd1cb055723ac20250943e9dc562ccf8d564eb2

  • SHA512

    bf05266acb47185b7eeae1f4bbdc614b939255bed9b44a8cb949ad4365d732d60ff240a72181bdaf5c5d173687528a2c86fb73597995532e53ffc3cfc024f901

  • SSDEEP

    12288:6RUYK1ldKfBZRvSMqNZNsPCAAe5WmpYshXZPbGwidNpgDF:6R7KTMBZRrqNUPCAAe5WmD9idNpu

Malware Config (extracted)

  • Family

    spynote

  • C2

    us.loclx.io:51070

Targets

    • Removes its main activity from the application launcher

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15

Tasks