Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    foto.apk

  • Size

    2.9MB

  • Sample

    230126-pseeaafa21

  • MD5

    ff5a7566ac2095f3b379c46cb63fd84c

  • SHA1

    716e5a95de367246f5ebc81f955c0a99de57d43a

  • SHA256

    52fb1a93e8366862c7dff046ed8a6f45ad0589fa7a1feceb4aa7cffd5d5cdca9

  • SHA512

    425c5c6eee15cc2bada96e7e9201d063ba63a572c1ce2f1ef829fa5f0d26966f57e0ab64b46ac15b5aeee58b907e4940ff7b82008478d73395128b265b07853b

  • SSDEEP

    49152:YpevLSq/mZoCAdmogSuH7Zdhv/HQF+dL8loJ0VlOoec:0evLL/CoCemPHt21Wc

Malware Config

Extracted

Family

ermac

C2

http://176.113.115.66:3434

AES_key
AES_key

Targets

    • Target

      foto.apk

    • Size

      2.9MB

    • MD5

      ff5a7566ac2095f3b379c46cb63fd84c

    • SHA1

      716e5a95de367246f5ebc81f955c0a99de57d43a

    • SHA256

      52fb1a93e8366862c7dff046ed8a6f45ad0589fa7a1feceb4aa7cffd5d5cdca9

    • SHA512

      425c5c6eee15cc2bada96e7e9201d063ba63a572c1ce2f1ef829fa5f0d26966f57e0ab64b46ac15b5aeee58b907e4940ff7b82008478d73395128b265b07853b

    • SSDEEP

      49152:YpevLSq/mZoCAdmogSuH7Zdhv/HQF+dL8loJ0VlOoec:0evLL/CoCemPHt21Wc

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Ermac2 payload

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks