Extracted

• • Target

    1eb0bc43e063c54475a610555bbdd641814bf14b60cd3117587d332cebd45b2f.bin

  • Size

    816KB

  • MD5

    1cc330f916b5e9baf2f920f2716d0948

  • SHA1

    83b9f24418122bf52016bc898f3774c3549452d2

  • SHA256

    1eb0bc43e063c54475a610555bbdd641814bf14b60cd3117587d332cebd45b2f

  • SHA512

    eea30c7755e9cc6f0a30c7c9a9178ec07b77cb83d9d8a655260e2999455285607d813752e33334c0e40f66c6808834c14530a1648185aaf5076edb1bfb441802

  • SSDEEP

    12288:JMf2/9mziH2PIwT/2FsCmZIzXRFlH+62pC7pLRYLLLLJi+JvEchgsRa0wIJw:JMf2/9mz/wwTHCMIzXBHbV8vEchftw

  Score

  8^/10

  bankerdefense_evasiondiscoveryevasionpersistencestealthtrojan

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    bankerdiscovery

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence
  behavioral1behavioral2behavioral3