Analysis
-
max time kernel
148s -
max time network
152s -
platform
android_x64 -
resource
android-x64-20231215-en -
resource tags
-
submitted
21-01-2024 22:00
General
-
Target
0557ff10b41ff7e0e13098b7496d000d9c4d902aaee6c502a91e3e2d8c83c120.apk
-
Size
1002KB
-
MD5
f020794ea7abcfe7d5c01f0fbb1fb49b
-
SHA1
9dad4b57a54ec8d9117fce8d43c75d668763239c
-
SHA256
0557ff10b41ff7e0e13098b7496d000d9c4d902aaee6c502a91e3e2d8c83c120
-
SHA512
5b9a5e9d224ad93ca055af3653fa3aaea0444245018c21ca39e61e5fbf2affa08428d8f1ad404e1d96f90b3ae8a79a59cf27100fd5747c37c0391698f40fa87e
-
SSDEEP
24576:3VYvQAFuo0h14f+P228JDKcd8Wd8wd8/d87d8+d8ld8Od8bd8id8Z7B:uFun4fqt
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://185.250.243.209:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
keygen432k.ermacv2.apk1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)