hermit | 6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba | Triage

Submit
Reports

Overview

overview

Static

static

6eeb683ee4...ba.apk

android-9-x86

8

6eeb683ee4...ba.apk

android-11-x64

8

Sharing

General

Target

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba
Size

2.9MB
Sample

231219-3vgt3shfhl
MD5

b0c5b2b4d6678c9faa5140a040a1ab73
SHA1

ca101ddfcf6746ffa171dc3a0545ebd017bf689a
SHA256

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba
SHA512

4ac35472e292b4491e96d32ccd73f73fef10ed90070bcc16d1c69b0c800762a47fde01871a75274b2036eeb76705767c9a4d282e1f57bf55931da9011195e2fd
SSDEEP

49152:duRML7jNf7mUqyKD/09lXUKhoHvoiUc/l9tZ5yHKhs76ry5K+X6j1VHzfjqD:1jN7xLG/Ul70RUcN9tXkj7eH+Xu1JzfS

Score

10^/10

hermit android banker evasion stealth trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba.apk

Resource

android-x86-arm-20231215-en

banker evasion stealth trojan

android-9-x86

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba.apk

Resource

android-x64-arm64-20231215-en

android-11-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba
- Size
  
  2.9MB
- MD5
  
  b0c5b2b4d6678c9faa5140a040a1ab73
- SHA1
  
  ca101ddfcf6746ffa171dc3a0545ebd017bf689a
- SHA256
  
  6eeb683ee4674fd5553fdc2ca32d77ee733de0e654c6f230f881abf5752696ba
- SHA512
  
  4ac35472e292b4491e96d32ccd73f73fef10ed90070bcc16d1c69b0c800762a47fde01871a75274b2036eeb76705767c9a4d282e1f57bf55931da9011195e2fd
- SSDEEP
  
  49152:duRML7jNf7mUqyKD/09lXUKhoHvoiUc/l9tZ5yHKhs76ry5K+X6j1VHzfjqD:1jN7xLG/Ul70RUcN9tXkj7eH+Xu1JzfS
Score

8^/10

banker evasion stealth trojan
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Requests cell location
  Uses Android APIs to to get current cell location.
- Acquires the wake lock
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankerevasionstealthtrojan

behavioral2

© 2018-2024

Terms | Privacy