Analysis
-
max time kernel
1872696s -
max time network
166s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
-
submitted
15-12-2023 22:32
General
-
Target
9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630.apk
-
Size
2.0MB
-
MD5
38cb19ae295884c433d292d25e41dc99
-
SHA1
9bbbf3a73b5ddf767a8fd7843677d96275296294
-
SHA256
9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630
-
SHA512
bdaffbf5d961547742fbaa21400a53a50a70f68a2fc6161815450208ccf6831c7e67f796c3692d3b5e19eade252fa845a21073554768219ab5f4a0dc63952431
-
SSDEEP
24576:B3RCvyd5u/3dxMzMKrH0/+eS4fQu5UYJH8TyMMVb7t8bBJV90IMCTZfwMp8rQTTD:B3Qyd8Vx1+b4fwtd7p8STD
Malware Config
Extracted
ermac
http://193.106.191.148:3434
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac2 payload 1 IoCs
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 3 IoCs
-
Loads dropped Dex/Jar 1 IoCs
Runs executable file dropped to the device during analysis.
-
Acquires the wake lock 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.doviveracolo.cejexawo1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
452KB
MD5bc88560b9ec5a5319ed7d5bd28d5483d
SHA11e8aabb636eb680509a40d91b9eb9d02e77068b7
SHA2563b063969d1a601f0b1038e70d17bff77fc66e2c33684cdaad16045dd13ecd491
SHA512de25119ce72e93ec75922fceb1df73d7e7cc9dae051ad9b98ee04f5961c7e1e72a62b672a16b9763df506b4af415d569f49b28e825fd2973287e2536e60ba19b
-
Filesize
452KB
MD51f646ef1e5f6bb9d03ed3ad290cd5014
SHA15cd6ef4249d390a5bb9455a3670143c5089cb421
SHA2561babf9295c8d23a4c60c50edd768bd9a6d7c69a7a1e6101702a3e30b74edc8f1
SHA5121b6fc1f1fd324b39b7be3dcbd2323f45b17f6f81a297059ce072b94f6325686fd6ad49b4ad080cc5c72fea493fd56f51a298b83198b865faa84f8038b22e7ffe
-
Filesize
637B
MD58562484ceab32f0d5c452980ba0a3294
SHA14db0ad4f33998a03e2319b07a45c2d2c8a8198f0
SHA2565f53023b5a39a4ee6e1feb1e9e51e2b38cb9cb561858fb75fc0436a6bb8f42d6
SHA51207ee280e4d219a0216b628c09d8bf870b6a30e4724537cad803b16459e5d87ea29b834d8ebaac7080d1f7f2768865321e2116418036c0ee69ed7c11ef5368463
-
Filesize
890KB
MD5d2ebd5c304276788879155afdf0835a8
SHA1a31d818c0a993cf6d3abf7e241778b85c64c5120
SHA256528aa308c7d320e75fa5c55ef8e5f029b479eb0932b350a698c7d6fad526c7d6
SHA512846c126e0365d3fda1452bde0e4049edbe3e2b11d368b53558f8af5d46ff6d6994c24d2d63ada36647821757276c02515f8de5cf9d68bf0b20979b5180cc4495