Analysis
-
max time kernel
156s -
max time network
164s -
platform
android_x64 -
resource
android-x64-arm64-20231215-en -
resource tags
-
submitted
17-02-2024 22:03
General
-
Target
4829477311b0acd4dddd9d127c29da97ed760eda4cdfea8854cb8af7d8f4657c.apk
-
Size
1000KB
-
MD5
5a283d9cf0877bcdb1522617d211208d
-
SHA1
ceb77fac48d96a0c547344570120799c1ec1a6cb
-
SHA256
4829477311b0acd4dddd9d127c29da97ed760eda4cdfea8854cb8af7d8f4657c
-
SHA512
27f2c9d91860f7551bb3f380a10dd9cb755052b3bfcef7c665c75b5f94b9c315f7569afe260ae2a0fedc087e64dcec1b1ccf84c72a2e2d3cfd2d12358749b91d
-
SSDEEP
24576:z9l+lhtHaoPqts+wyyMrtlwVKsQGg/i7oBcUS:hQlhVDPqqhylxltbGg/TxS
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://74.234.3.141:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
-
Removes its main activity from the application launcher 1 IoCs
-
Requests enabling of the accessibility settings. 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.taciciyarodayape.dedinoze1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)