Analysis
-
max time kernel
151s -
max time network
160s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
26-01-2024 22:03
General
-
Target
5908a10d37db029110e17964d83f17b9464d4da23b85f494f38df3bffa867b04.apk
-
Size
1002KB
-
MD5
0833537d187da53ecd06cdd534e0a058
-
SHA1
6fc84d493ca366c8cb80e8fbcfe61146fbfbfcba
-
SHA256
5908a10d37db029110e17964d83f17b9464d4da23b85f494f38df3bffa867b04
-
SHA512
1f99b92c033247596440e2510040bfc030219a6bb5c652a20669b2325d6d3b2bae75284a018ae9af03c3e92bb01de34e68bab9c095ed2d2069f1b895b15b1b29
-
SSDEEP
24576:0cTRRhmisPuir4ffkZnwjVszd87d8Nd8qd8Gd8Pd84d8zd82d8Dd83x:jTRRwiO4fWHx
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://159.65.52.64:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Removes its main activity from the application launcher 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
nusku.ermacv2.apk1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)