Analysis
-
max time kernel
17s -
max time network
148s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
android | arch:arm64 | arch:x64 | image:android-33-x64-arm64-20240624-en | locale:en-us | os:android-13-x64 | system -
submitted
19-10-2024 22:09
Static task
static1
Behavioral task
behavioral1
Sample
85fa90ccb4e51f82fcbd2d20eb6aa05788def9235f7aba979f77a11fdb65df83.apk
Resource
android-x86-arm-20240624-en
General
-
Target
85fa90ccb4e51f82fcbd2d20eb6aa05788def9235f7aba979f77a11fdb65df83.apk
-
Size
3.3MB
-
MD5
e1de2024bb46ef51a7403a198ee2a50c
-
SHA1
59dd12676fb2f6eb53f5976fadc9304aaec9b961
-
SHA256
85fa90ccb4e51f82fcbd2d20eb6aa05788def9235f7aba979f77a11fdb65df83
-
SHA512
64306c7d04f9cd4977bb95d7231d42362eeaf3704f3b238c91a0e372e316c0a330cbaeb6aba549fe55875295c1a6947661ca24cd2fd26afd69ad46b14e0d6701
-
SSDEEP
98304:2ttQSxjZ6K0utb3Ecblg05ao8OYBlePv5VY:2cSdkKxCv0f0
Malware Config
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac2 payload 1 IoCs
resource: behavioral2/files/fstream-1.dat | yara_rule: family_ermac2 -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc: /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml | pid: 4331 | Process: com.tencent.mm -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description: Framework service call | ioc: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | Process: com.tencent.mm
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
-
Filesize
6.5MB
MD5
60d1af7146b2ae8201c506e2c9d9ce6e
SHA1
b79d3963b3674b27ffb5c94d73ae91ecef446f2c
SHA256
d1c5dbd927110864ec479b31d63df52a459812c7cce24c264de4bbaa93e6103f
SHA512
ab8c78682462aac1c0d19913b25bb004517e1271373b1bed2b63b9ef6e58835657dfe5512ee9f5a3f3fe8549890581ab0faacb8a35c2ee1c556d9b708cd8ee4c
-
Filesize
4KB
MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3
SHA1
fee434f784e73cc7916322e949f727caf8363102
SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8
-
Filesize
512B
MD5
f78cb95e8b4eab8645fa809573a92116
SHA1
7982159d8a83746517c9f0e2741cd135aeb5f4b7
SHA256
671bee134940c3ec7a036237c06bb7dee9e051d7c68af7fdfb6b6ed6599482e0
SHA512
7ee8460e13c7e0717b1166d9a32f4fe2714ed0e0cc934c76ab5f6519b2efbfba7c39bbfe5e1be8a2317c3a9697db5331d2bcc3907d4f64df6cfdc704e72c1dea
-
Filesize
32KB
MD5
bb7df04e1b0a2570657527a7e108ae23
SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD5
87430a60cbfbab932689611b50b6d884
SHA1
9be12b4164ad1a7e683e73d25b8ce553ebe3344b
SHA256
6672984fb2f4b07ab89b3a4959d277763fc02ed4f607ae7741353f49834da099
SHA512
a8e74788edd0eaf44893917d5313f350371e4afbba28a9e873a5aa5abdc5a69bc77563aabb90d2badd6dd52088a421111e3012cbf15066bfb533aa8833a176a9
-
Filesize
108KB
MD5
9aab49ef01c6ea18a50ac6d5a7528779
SHA1
b4372f3aa71f2deeba7de439a416b41104b15b84
SHA256
a946cb585e6fe6f0f8619530a3e545b3b6d23be9323b62ea152ea518f9d3c7b2
SHA512
77a3a59a09734e919eb9a4a1dcbe773b2bd495e23c67b26fb827035752587447e79099f09e1e4508cbce8a3cb63c033255faccbcd8396b4e46074c6b757f52b9
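The Downloads section above is the IoC list a responder actually works from: the "Loads dropped Dex/Jar" signature says the sample wrote and executed code under /data/user/0/com.tencent.mm/app_mph_dex/, and these digests are what you compare a recovered file against. Because the section was extracted with each hash key fused to its value (e.g. "MD560d1af..."), the following script, an added example and not part of the sandbox report or its tooling, splits those lines back into structured records, rejects any digest whose length does not match its algorithm (a truncated SHA256 pasted into a blocklist silently matches nothing), and matches arbitrary bytes or a local file against the set. The function and variable names are the author's choices; the embedded sample text is the first two Downloads entries copied from the report.

```python
"""Extract, validate and match the dropped-file digests from a flattened
sandbox report. Added example; not code from the report or its vendor."""
import hashlib
import re
import sys

# Expected hex length of each digest; a mismatch means the IoC was mangled.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# A report line where the key is fused to the hex value, e.g. "SHA1b79d...".
# Longer keys first so "SHA512"/"SHA256" are not read as "SHA1" + hex.
KEYED_LINE = re.compile(r"^(MD5|SHA512|SHA256|SHA1)\s*([0-9a-fA-F]+)$")

# Constructed sample input: the first two Downloads entries of the report,
# in the flattened form they were extracted in.
SAMPLE_REPORT = """\
-
Filesize
6.5MB
MD560d1af7146b2ae8201c506e2c9d9ce6e
SHA1b79d3963b3674b27ffb5c94d73ae91ecef446f2c
SHA256d1c5dbd927110864ec479b31d63df52a459812c7cce24c264de4bbaa93e6103f
SHA512ab8c78682462aac1c0d19913b25bb004517e1271373b1bed2b63b9ef6e58835657dfe5512ee9f5a3f3fe8549890581ab0faacb8a35c2ee1c556d9b708cd8ee4c
-
Filesize
4KB
MD50eb157e1a86d4d00aa601dd2f6ff3ee3
SHA1fee434f784e73cc7916322e949f727caf8363102
SHA256b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
SHA512b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8
"""


def parse_download_entries(text):
    """Split a flattened Downloads section into one dict per dropped file.

    Entries are separated by a lone "-" line; "Filesize" is followed by its
    value on the next line; digest lines are "<KEY><hex>". Raises ValueError
    on a digest of the wrong length so a mangled IoC cannot slip into a
    blocklist unnoticed."""
    entries, current = [], {}
    lines = [ln.strip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "-":
            if current:
                entries.append(current)
            current = {}
        elif line == "Filesize" and i + 1 < len(lines):
            current["size"] = lines[i + 1]
            i += 1
        else:
            m = KEYED_LINE.match(line)
            if m:
                key, value = m.group(1), m.group(2).lower()
                if len(value) != DIGEST_LEN[key]:
                    raise ValueError(
                        f"{key} digest has {len(value)} hex chars, "
                        f"expected {DIGEST_LEN[key]}: {value}")
                current[key.lower()] = value
        i += 1
    if current:
        entries.append(current)
    return entries


def fingerprint(data):
    """All four digests of a byte string, lower-case hex, keyed like entries."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_bytes(data, entries):
    """Return the first entry whose SHA256 matches data, else None.

    SHA256 is used for the decision; MD5/SHA1 are kept only for correlating
    with feeds that still publish them."""
    sha256 = fingerprint(data)["sha256"]
    for entry in entries:
        if entry.get("sha256") == sha256:
            return entry
    return None


def match_file(path, entries):
    """Hash a file from disk (e.g. a dex recovered from the device) and match it."""
    with open(path, "rb") as fh:
        return match_bytes(fh.read(), entries)


if __name__ == "__main__":
    iocs = parse_download_entries(SAMPLE_REPORT)
    for ioc in iocs:
        print(ioc["size"], ioc["sha256"])
    for path in sys.argv[1:]:
        hit = match_file(path, iocs)
        print(path, "MATCH" if hit else "no match", hit["sha256"] if hit else "")
```

Run it with the paths of any files pulled from the analysis device as arguments; a SHA256 hit against the six Downloads entries ties that file to this sample's dropped payloads. Paste the remaining four entries from the report into SAMPLE_REPORT, or read the whole section from a file, to cover the full set.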