General

  • Target

    d44e53ca92e43d18e026f48ce295b02b.bin

  • Size

    2.6MB

  • MD5

    2267877347813775b6f7f7517e1e0d30

  • SHA1

    addbcc4bee6dba0c0aaa95cfb26c6b391ba9bba3

  • SHA256

    50ffa9268da4db6886903db61e75a0d96b2f516130e84ef99e59ccf06d7ba933

  • SHA512

    c9258dc17e4a17c966877a6d11e358cd1246171f33a5d30b17ff8c5abc26189e7093d05fa8957015c824c599a56a2e573dd523ddc8c80f7266742064ab6f78fe

  • SSDEEP

    49152:eO+mCEG7bJpv/Zfk9oC3fxpAva3BY/9nJz6odYGgmp7Q+K0JeBe:L+mC7Js9osZq/vfZ7Qm

Score
10/10

Malware Config

Signatures

  • Ermac family
  • Ermac2 payload 1 IoCs
  • Hook family
  • Declares broadcast receivers with permission to handle system events 1 IoCs
  • Declares services with permission to bind to the system 2 IoCs
  • Requests dangerous framework permissions 15 IoCs

Files

  • d44e53ca92e43d18e026f48ce295b02b.bin
    .zip

    Password: infected

  • bc0b22a27dc2865e3194c23a0555fb791a17da00ed8935b7d0a118262c786f0b.zip
    .apk android

    Password: infected

    com.fisececitinoje.lalole

    com.fisececitinoje.lalole.yamixesojotawe