Analysis
-
max time kernel
146s -
max time network
155s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
-
submitted
13-03-2024 22:03
General
-
Target
1550db6ad2d0dae3b9e36c3d5b964ac04b084973a5d27cd763e41e106499545b.apk
-
Size
974KB
-
MD5
478cafdd3384730ae4736e00bdbe2f16
-
SHA1
d24dd8f9c752f0145c81b5b9401d084bcd52d962
-
SHA256
1550db6ad2d0dae3b9e36c3d5b964ac04b084973a5d27cd763e41e106499545b
-
SHA512
cca1e525bab07db99e6e8b83db0d81b3a43e43c1374b5207262cc347d9b1a5b9d0832c0cadd8c79775d0b1e087d35d5c61cc8e3192c9c4b567018f44db65178a
-
SSDEEP
24576:UCb2ienMizzXTwPrLhshCmCcC9CtCuCfC+CxCuCLgSfU7Rd:UCGJzzXmPwPFgcXSX4nqgSSRd
Score
10/10
Malware Config
Extracted
Family
ermac
C2
http://45.128.96.74:3434
AES_key
AES_key
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
-
Removes its main activity from the application launcher 1 TTPs 1 IoCs
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.jakedegivuwuwe.yewo1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)