Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    21-02-2024 22:04

General

  • Target

    a43946e9c775ee011f2096fc3c6b214c9ff67120e7cc1fc65a871314c77667ea.apk

  • Size

    4.5MB

  • MD5

    b7b97cf97ff8613287235aa92073a011

  • SHA1

    cb865d41b36de015d18592ffc58e21fc678a9951

  • SHA256

    a43946e9c775ee011f2096fc3c6b214c9ff67120e7cc1fc65a871314c77667ea

  • SHA512

    cd194740bcaad2913d9e5b34e5066782cb239b60738f40cf437b6793404be09ab6c58dfce0927181a8d9dedd5528f545176d21a39c666656cf2b4e670c9fec6e

  • SSDEEP

    98304:2zb0xgao/PDnNCZVmorrJnGNBZqiOuKsVFh9B/9Q0/UN0rU/rWcFqDt:o02ao/LNCZVpXJ8bVXdvx1/UN0rUj1FO

Malware Config

Extracted

Family

ermac

C2

http://93.123.39.152:80

AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key

Extracted

Family

hook

C2

http://93.123.39.152:80

AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.yFWrHZpr.fjyaObQj
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4180

Network

MITRE ATT&CK Matrix


Downloads

  • /data/data/com.yFWrHZpr.fjyaObQj/app_ded/4gqjO7afyEddxXclTmG02lGCrrkWm6K7.dex

    Filesize

    6.5MB

    MD5

    23e7d3eabfa943b967908956a41ad81a

    SHA1

    fbcddc18efb5657ac233f8b9be4d792831c2d84d

    SHA256

    0c680cb30aef5934d78f0bb006fde3a35a87187e0b5a3616a14cd4da6efe0517

    SHA512

    2cedb09f8e870d6f47f76d44875161ed8ea96f1555b1d7ae2b069694864b84d4f680690c8bbb11de9d046a5882335448f696ff31c42e2aa317c4da28d4d809e9

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    fae6945267ac4f33004aec740821b831

    SHA1

    537af2249f024a537838002daf923939fa98ccf1

    SHA256

    28f89eb0bb76f0e89dbd2e890c3d3fffe8fa85e6927e7798e35f642c102f18a7

    SHA512

    8dc228979ebed3ea240304f762f814b8d41486341f8e3ce2e168bda06682c1b85c283d17d77d13fb3da642db46ed26a27f6ac857c3560ca52196465bf9049745

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb-shm

    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    0eb210b28029984e4b056a0b2a6a40bc

    SHA1

    7bcffcb4ac39d013deacc6fab1d83d86aacb0323

    SHA256

    66b5bcccbc936d5c31276dd3cefcd7069c581f74f82c6a4e6f187aa529a20fbb

    SHA512

    7fa041c4d234715c3d3d31d5c22e12bac6a41e9bbecf6bb85ef5aa4b611a75c203adfa2746662e8da2b77a99d7a23d30e58a363a36a4ea767e5b808afd391f61

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    4ef6072e7c298ff40f414545dc491401

    SHA1

    fa98052dfa9e8d7049d1c099c9544165e5d35db4

    SHA256

    a80f7c426a1aaf301a36c2df0fcae18318e0ac52a8bad3bd0fba396aab77cde4

    SHA512

    bfb7fe89c7bf228ad30ab3a609c14b8a274121d959e491e5e195c621b22183422cd6a76a15b01004dbf979c060d7c3128d43f927e48f1028882391f4ce11ccfc

  • /data/data/com.yFWrHZpr.fjyaObQj/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    2fa3ac876e0d61435812988f9ea4b75a

    SHA1

    ab48676b9d79ed7188099ad3e97b9ea38ecef427

    SHA256

    02c3f32062ac5248732a92f1609b0c8a526581347d2a9536b43a9ea6de9dd3ae

    SHA512

    8020193ee64b3eed877caa465dadaec2b1928d233970ed6c17db6a129688ab733f0c2fd3743d73ef0fbab9944be3ca328d0d0747520bb636bde8612f92981d62