Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7.apk

  • Size

    3.1MB

  • Sample

    230123-w75ncaef67

  • MD5

    a15476b0f5d1d9ccf50b5e6e31eba3a4

  • SHA1

    4a1146a55ff0b47d311ce7ab0ee70795c3b32844

  • SHA256

    8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7

  • SHA512

    66830d7df5932669ba4f18385087b6b6ecffec04629ecf74e5b35bfd0f88585074b17b33f0596e6876fd5da250e00504da89829e35772aab5d949368d9716aa4

  • SSDEEP

    49152:e7MG0EzlbtAcVOjU9Khb7IRvU4fHdh01vOlCr6Nz1Hbq3cy4+HHikKV:OMclbtAcVOjUG8NQOoq1Hbq3/HCbV

Malware Config

Extracted

Family

ermac

C2

http://176.113.115.66:3434

AES_key
AES_key

Targets

    • Target

      8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7.apk

    • Size

      3.1MB

    • MD5

      a15476b0f5d1d9ccf50b5e6e31eba3a4

    • SHA1

      4a1146a55ff0b47d311ce7ab0ee70795c3b32844

    • SHA256

      8c89fa9a0d6656b60ac91018a1feff58945b07e560b549a8f56440a2d00377d7

    • SHA512

      66830d7df5932669ba4f18385087b6b6ecffec04629ecf74e5b35bfd0f88585074b17b33f0596e6876fd5da250e00504da89829e35772aab5d949368d9716aa4

    • SSDEEP

      49152:e7MG0EzlbtAcVOjU9Khb7IRvU4fHdh01vOlCr6Nz1Hbq3cy4+HHikKV:OMclbtAcVOjUG8NQOoq1Hbq3/HCbV

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Ermac2 payload

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries the unique device ID (IMEI, MEID, IMSI).

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks