Analysis
-
max time kernel
341391s -
max time network
153s -
platform
android_x86 -
resource
android-x86-arm-20231215-en -
resource tags
-
submitted
16-01-2024 22:02
General
-
Target
d5be61f974234f7ee6e4eaa21072a45c77f9d5742101842b58bf3381033154f5.apk
-
Size
937KB
-
MD5
172db8f1dcdd7152609f820a5b6ddb0c
-
SHA1
3f28c6a36126a71a9c132209275c4c6414666ed9
-
SHA256
d5be61f974234f7ee6e4eaa21072a45c77f9d5742101842b58bf3381033154f5
-
SHA512
31a6108d1b4eef9381524d44201d2c9807614cbbd158260a6b39a74311b3bd2ebc0125ea995ca1883f2c5e3e011960698f77db170a5d5910712f9965c449c64e
-
SSDEEP
24576:Ovnc5Fq+9iXoDM4gsuXYiLHzSV+1g/G1Pa:4+FeoDM4puXV6Y1g/Ia
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://193.222.96.25:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.zehopitexeyixidu.pexi1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)