General
- Target: 23ee361d76bfff1a8cf2dd40160e48a1e0ebd171905d149096de694427ee68ce.zip
- Size: 1.5MB
- Sample: 220830-hxmswsddgp
- MD5: 548b51ca14154fbd6f13b7ce97802020
- SHA1: 9fe55567e69413b5f49af51121c05fc2515d8364
- SHA256: 23ee361d76bfff1a8cf2dd40160e48a1e0ebd171905d149096de694427ee68ce
- SHA512: e9a1867c81fb1d75ac152025e08308b7910a65ec430a2382555fe7ea0e2e20c7bc0f42d6d2dbdf359ddec5f987769ec1975d1a75b5e31f8f0082a017ee2fabec
- SSDEEP: 24576:DtZAIzFHDjOTr4fwWt6kk0dQcsLKOr2oCndN0eqxqyuMjxz2uelu363C6l:xbzlK/4f16kO26eWQ73C6l
Static task: static1
Behavioral task: behavioral1
- Sample: 23ee361d76bfff1a8cf2dd40160e48a1e0ebd171905d149096de694427ee68ce.apk
- Resource: android-x86-arm-20220823-en
Behavioral task: behavioral2
- Sample: 23ee361d76bfff1a8cf2dd40160e48a1e0ebd171905d149096de694427ee68ce.apk
- Resource: android-x64-20220823-en
Behavioral task: behavioral3
- Sample: 23ee361d76bfff1a8cf2dd40160e48a1e0ebd171905d149096de694427ee68ce.apk
- Resource: android-x64-arm64-20220823-en
Malware Config
Extracted
- Family: ermac
- URL: http://62.204.41.98:3434
Targets
Score: 10/10
- Ermac2 payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Acquires the wake lock.
- Loads dropped Dex/Jar: runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).