Analysis

  • max time kernel
    102s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240624-en, locale:en-us, os:android-10-x64, system
  • submitted
    02/09/2024, 22:01 UTC

General

  • Target

    a23d4718e3849fbfa488cba75d5ee41cd78bb8f3528bd48fe8535408bf3b5cbe.apk

  • Size

    1.3MB

  • MD5

    2ab73aaf1f02c6840144d996e2920f73

  • SHA1

    7681b4239706294726afd8d9be47324544c0bb9e

  • SHA256

    a23d4718e3849fbfa488cba75d5ee41cd78bb8f3528bd48fe8535408bf3b5cbe

  • SHA512

    86dbcafc95672957efbeed3d9a7c72dc8bf121f7cf9ac4e358e781380f50dbd1722e0fe0160e5d87c0382e67cb3e5e523c49d2877c76378f8ae5e311bfb485b9

  • SSDEEP

    24576:7Pc9Y2gSvWTXXB+nhDeF1mMv+AOwhJtJtXNKWxZI8uVy:7ugS8Bkhg1mq+APt/XZx2y

Malware Config

Extracted

Family

ermac

AES_key
1
3141317a5031655035514765666932444d505466544c35534c61763744697373

Extracted

Family

hook

AES_key
1
3141317a5031655035514765666932444d505466544c35534c61763744697373

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Loads dropped Dex/Jar 1 TTPs 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent its removal.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about phone network operator 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • q30g3hge.mb3ebj.jabnhruw
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4962

Network

  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    216.58.204.72
  • flag-us
    DNS
    null
    Remote address:
    1.1.1.1:53
    Request
    null
    IN A
    Response
  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.200.14
  • 216.58.204.72:443
    ssl.google-analytics.com
    tls
    1.3kB
    5.9kB
    8
    9
  • 142.250.200.46:443
    tls, https
    857 B
    40 B
    1
    1
  • 142.250.200.14:443
    android.apis.google.com
    tls
    3.7kB
    7.7kB
    12
    17
  • 142.250.187.228:443
    tls, https
    454 B
    40 B
    2
    1
  • 142.250.187.228:443
    www.google.com
    tls
    8.4kB
    8.6kB
    26
    35
  • 216.58.213.14:443
    520 B
    10
  • 142.250.178.2:443
    520 B
    10
  • 185.216.71.23:3434
    360 B
    6
  • 185.216.71.23:3434
    240 B
    4
  • 185.216.71.23:3434
    180 B
    3
  • 224.0.0.251:5353
    3.7kB
    11
  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
    86 B
    1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    216.58.204.72

  • 1.1.1.1:53
    null
    dns
    50 B
    125 B
    1
    1

    DNS Request

    null

  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.200.14

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/q30g3hge.mb3ebj.jabnhruw/app_hkcp.mjc.px8x.lv3/newobfs/0.pobfs

    Filesize

    1.5MB

    MD5

    a35a2ca5f6411271afc2c2b7bc69bc15

    SHA1

    41141d88bf6bb9c33787e8047766c365b91a9b40

    SHA256

    75e889a12912212973af21e72d8b764e7d9848f293b59d4415ea19a04c7032cd

    SHA512

    d4d2920be9bc7c4891c3204732e3d103a3f712c3673c0c90932cb4dcb83dcd001bb478bbae891dcd5d0eb929f278b0d77a694d461ce3e57a514417164ca0a79f

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    c4bdff9f7e2080226b5c5258892def60

    SHA1

    84473a333060a8f00a2d67257121a82f0a1263fa

    SHA256

    3e930370d9c3e837f7e428d3bfb30cb8d0b9272db8500a99ba1aa64ddf6655c9

    SHA512

    eec64ef39eeec8acb7ea8a71533d7d2ddf037ab2d857df9c1ec9e9e3214d3c1f2a3387daad400f7c8c2927e3592eb80c6e8cf75201d52a54f025ee72907f7761

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    627a86c6e8c1e08d7bc169162c968998

    SHA1

    b6e5bcb6c61504c1bbd2813149f3e46a342727f4

    SHA256

    d0d53d62d8ccf936c7bb5e210d19e45a8e453cd2fd004fae82f22f3f501759ce

    SHA512

    f29349d1db456bff6e39b694b56029d6b90a23950376a08f5412a3de264f8471adbfb84bc517e5f8886a4d4350482ababd1e18e75b0dd6c1aa324b449ad282da

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    35121ffc2e99dcc472f8d7f9a668a5bd

    SHA1

    5e46a0f9671edda8077aa5d07a6c0514fa960120

    SHA256

    7e492ba87a092b2d21563b0d44ed11013e5f746d18d84257eaa7facc73134f7a

    SHA512

    874724041f8aa81992483eac3065c4bd71fb5255cf7d0d98e634696ad1311f3e63acc969c88367f405df2beeb15ff3ff4cfca5b782c0d837421f5bdf054f54d8

  • /data/data/q30g3hge.mb3ebj.jabnhruw/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    fcc40aba87be9f1707f0bc0c86ea2f9b

    SHA1

    f4bc60ca4aab8fcc4f21ee809d021e119cbde4d4

    SHA256

    4480ec2466d3cb9b47a6b4a7e349a2eb7d9d082d3a62d7d44c5d3ca4c58df866

    SHA512

    6809b585bce7a78779d228214eb7a1e9d8b024b6966c59f8e836f3365ee86cd73ad82d51ddf35db0cb161e80479c122c71d8c509ba26adc1fdfb2897768735fc
