Analysis
-
max time kernel
147s -
max time network
157s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
-
submitted
23-02-2024 22:01
General
-
Target
62395f9a8e80a24ae915d9b24c4d5c47c0af1cd0c590982cb4c2ee233f6e6d90.apk
-
Size
913KB
-
MD5
997a6f8d6b6eb9e196ce39573af35fcc
-
SHA1
b4723ef1319a9a9c44d06e0536f35ad2d7c0a4ba
-
SHA256
62395f9a8e80a24ae915d9b24c4d5c47c0af1cd0c590982cb4c2ee233f6e6d90
-
SHA512
e0964dc987e54e5165cdb7ba7d7cdcdd1ec68925a7e745c97a9d998ba2d47099e5352a9761cf978449294bbb449cfc17fc5d38b3994489b82bed9dfd418636ff
-
SSDEEP
12288:Oq4M7S/hdbOWVTmrAVPBqzf8d7ZRTBzDGX33xeoX3dJweYrVQgA4qD55j:ON/rNVTmrAVp+8d7x2B9JcJQg/C5j
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://5.42.67.88:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
-
Removes its main activity from the application launcher 3 IoCs
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.mijirugilozi.kibi1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)