Analysis

  • max time kernel: 17s
  • max time network: 148s
  • platform: android_x64
  • resource: android-33-x64-arm64-20240624-en
  • resource tags: android, arch:arm64, arch:x64, image:android-33-x64-arm64-20240624-en, locale:en-us, os:android-13-x64, system
  • submitted: 19-10-2024 22:09

General

  • Target: 85fa90ccb4e51f82fcbd2d20eb6aa05788def9235f7aba979f77a11fdb65df83.apk
  • Size: 3.3MB
  • MD5: e1de2024bb46ef51a7403a198ee2a50c
  • SHA1: 59dd12676fb2f6eb53f5976fadc9304aaec9b961
  • SHA256: 85fa90ccb4e51f82fcbd2d20eb6aa05788def9235f7aba979f77a11fdb65df83
  • SHA512: 64306c7d04f9cd4977bb95d7231d42362eeaf3704f3b238c91a0e372e316c0a330cbaeb6aba549fe55875295c1a6947661ca24cd2fd26afd69ad46b14e0d6701
  • SSDEEP: 98304:2ttQSxjZ6K0utb3Ecblg05ao8OYBlePv5VY:2cSdkKxCv0f0

Malware Config

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload (1 IoC)
  • Loads dropped Dex/Jar (1 TTP, 1 IoC)

    Runs executable file dropped to the device during analysis.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)

Processes

  • com.tencent.mm (PID 4331)
    • Loads dropped Dex/Jar
    • Queries the mobile country code (MCC)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.tencent.mm/app_mph_dex/apk.crazy-v1.AndroidManifest.xml
    Filesize: 6.5MB
    MD5: 60d1af7146b2ae8201c506e2c9d9ce6e
    SHA1: b79d3963b3674b27ffb5c94d73ae91ecef446f2c
    SHA256: d1c5dbd927110864ec479b31d63df52a459812c7cce24c264de4bbaa93e6103f
    SHA512: ab8c78682462aac1c0d19913b25bb004517e1271373b1bed2b63b9ef6e58835657dfe5512ee9f5a3f3fe8549890581ab0faacb8a35c2ee1c556d9b708cd8ee4c

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize: 4KB
    MD5: 0eb157e1a86d4d00aa601dd2f6ff3ee3
    SHA1: fee434f784e73cc7916322e949f727caf8363102
    SHA256: b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
    SHA512: b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize: 512B
    MD5: f78cb95e8b4eab8645fa809573a92116
    SHA1: 7982159d8a83746517c9f0e2741cd135aeb5f4b7
    SHA256: 671bee134940c3ec7a036237c06bb7dee9e051d7c68af7fdfb6b6ed6599482e0
    SHA512: 7ee8460e13c7e0717b1166d9a32f4fe2714ed0e0cc934c76ab5f6519b2efbfba7c39bbfe5e1be8a2317c3a9697db5331d2bcc3907d4f64df6cfdc704e72c1dea

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize: 16KB
    MD5: 87430a60cbfbab932689611b50b6d884
    SHA1: 9be12b4164ad1a7e683e73d25b8ce553ebe3344b
    SHA256: 6672984fb2f4b07ab89b3a4959d277763fc02ed4f607ae7741353f49834da099
    SHA512: a8e74788edd0eaf44893917d5313f350371e4afbba28a9e873a5aa5abdc5a69bc77563aabb90d2badd6dd52088a421111e3012cbf15066bfb533aa8833a176a9

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize: 108KB
    MD5: 9aab49ef01c6ea18a50ac6d5a7528779
    SHA1: b4372f3aa71f2deeba7de439a416b41104b15b84
    SHA256: a946cb585e6fe6f0f8619530a3e545b3b6d23be9323b62ea152ea518f9d3c7b2
    SHA512: 77a3a59a09734e919eb9a4a1dcbe773b2bd495e23c67b26fb827035752587447e79099f09e1e4508cbce8a3cb63c033255faccbcd8396b4e46074c6b757f52b9