Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

GoogleMaps.apk

android-9-x86

10

GoogleMaps.apk

android-10-x64

10

GoogleMaps.apk

android-11-x64

10

Resubmissions

15/05/2023, 13:44

230515-q16n6sea6x 10

02/08/2022, 06:20

220802-g3t9gsbgh3 10

Analysis

  • max time kernel
    1564288s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20220621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20220621-enlocale:en-usos:android-11-x64system
  • submitted
    02/08/2022, 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GoogleMaps.apk

  • Size

    907KB

  • MD5

    ea449f22d8dd8d8fe8732dd96d69cb99

  • SHA1

    d0656d504fabddb0bccc284976120e1a8299dcde

  • SHA256

    16d5b53c646a760a91b2663ec75035d4a999d4440fbc52e8a96d292d5bee947a

  • SHA512

    0da0a54de3cc28d3d8f8e44748aa2359f048f4c21d319fb2941bd2b4866bb53abdd857b5f27a346daa5b7f79b9a68af89baff598133fb8fe0c1633a820328fe7

Score
10/10
ermacbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI).
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.ceveluriseze.xuca
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4962

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads