Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
150s -
platform
android-10_x64 -
resource
android-x64-20240910-en -
resource tags
arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system -
submitted
01/03/2025, 22:07
Static task
static1
Behavioral task
behavioral1
Sample
8dfaaecbc8ed410c8d39999b750d12fa55ff6bfbbbbef5564688da14412c4b18.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
8dfaaecbc8ed410c8d39999b750d12fa55ff6bfbbbbef5564688da14412c4b18.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
8dfaaecbc8ed410c8d39999b750d12fa55ff6bfbbbbef5564688da14412c4b18.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
8dfaaecbc8ed410c8d39999b750d12fa55ff6bfbbbbef5564688da14412c4b18.apk
-
Size
3.0MB
-
MD5
f01c35786e239aec5acc0e4b1fdea4e0
-
SHA1
d9cb0d450658a3e8e6a53f511067b6ed3d6cdc83
-
SHA256
8dfaaecbc8ed410c8d39999b750d12fa55ff6bfbbbbef5564688da14412c4b18
-
SHA512
0780f5f69dcf9b7c0bd55baea0ae1e74e3a96acbf5604a192ca5859dc07ac89401ebc31a8f7b9731451093a5cc36bc9f6d9c0f30ac4dd1363de33ed9df1b67e1
-
SSDEEP
49152:Qxf2jfcyUCOSEd6NcqHD+xsdT0+XbVOhYVAqaf8OpY7hh0bR/GAhN8MRIuEikGcP:QxujkdLSE8NTdPbVOLfDa0b5GAhJEjWw
Malware Config
Extracted
ermac
Extracted
hook
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac family
-
Ermac2 payload 1 IoCs
resource yara_rule behavioral2/memory/5067-0.dex family_ermac2 -
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Hook family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.tencent.mm/app_DynamicOptDex/gQw.json 5067 com.tencent.mm -
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.tencent.mm -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tencent.mm -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.tencent.mm -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm -
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
description ioc Process Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.tencent.mm -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.tencent.mm -
Reads information about phone network operator. 1 TTPs
-
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.tencent.mm -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.tencent.mm -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.tencent.mm -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.tencent.mm
Processes
-
com.tencent.mm1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:5067
Network
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Process Discovery
1System Information Discovery
2System Network Configuration Discovery
3System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
703KB
MD5e197d08d1cbc1361ca1c843ed7e923d6
SHA193b57e201f9ab3e923ce16f677ab374c70469449
SHA25631fea604cfead93d5ee2bc6ef1392960d38a5ae07764a13401c1036f12e41ab9
SHA5129bec1db413e164c94aea95704eb1b932f79edb877aeac82cf89a133d76a6ca6709c5e2f7823cc102768765f1265d0db16f3ac73c31ea5a7d44ec4334f56c5e5b
-
Filesize
703KB
MD5ae00ca236dac70399f71b6c3f01440ce
SHA10b6c338dfd9a471e9cc908f3daa2e392572974da
SHA256a7998e0a77600b5aae8d7ee10322c1b8db4ebbe3a7a7a8d73e59af9439767bf1
SHA512066c56ec9f77148ef59bc91645986619905f01c98d0990d9eed6f04b39d44429dd2ef9554d10dd57660009a4f7c5d0f96c1ec5b66972aaf742e13fdbf6a2164f
-
Filesize
3KB
MD51440ed5fe3906ecc044730f62cd80a35
SHA142c7235b8be67c2cdb4a272b839f1aa1d4bd2d1d
SHA2561457f899aab9093bcec58ba5f3c1573e3d06ba116acb63008ceb0023617ee45d
SHA512f9b351ecf0daa88ffbca23cf7fce0d5363c5e2af639872b2cd012c13a8f6535055edd848fe047bfc82b1e6674aff47647e30b6c89e3f594582aa8c9e739579a4
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5f1af8fb51d4a3aab6babe3ed0ddf4721
SHA1ffb6bb5805bf0a6437ba0cbde973f4842566caea
SHA256730bdd835e721ba2b6e545a7e0e713d23ba96d7b84c5361eabf9923da1601f56
SHA5129dce3f9e7136551020b7c65d845e60f8ef750c5e9e8ee9783e2f9e47a145b19a4bacadd362d172ba2d0726a7c103c8163bf991a9dd7c31f146580cba0f5ec862
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD501bef5c3ad531b7b8661fba52ab65a75
SHA109d1cdc53bbce6c17ac85bb7dc7ee071451dcf2e
SHA2569cbc76da45b2322c919bc34f2f664d649cf83a67f9e81865b7096c848805a7ae
SHA5122049828543cc225576ae64e5da55e8f125e39901766fee8042630cce14c79f58dbd40bb1428217b8481c3db787f5f9157c19e08b5384fd586bdb8759f24a0fc3
-
Filesize
108KB
MD5fa8ca010d009eeb67ca43f3821491fb9
SHA1b2781506f5961c2307a60ee9f74525c0a49f88a7
SHA2564da5c133b8f26d30c67ad2a4d99e7f83eb67555ff963f3240d9f09b0edd1d2a4
SHA5123a9c0a14461c091bdf8660b186f8cc8788be0fdae75d7cbba6c62b79ce95fdb4fd1508af066a262ce08c234a65edccc778608d82497107f3592504e86d6ae6f9
-
Filesize
173KB
MD5c4c62ec01f1eb8581a9008701155961a
SHA1b7cfb67832b3f00a7f2d924f4623683ea898f5eb
SHA256288f0d5736c8c1f49e7914346b3c797220f7d19b0db73fff082af87168b7e3b7
SHA51212dcee86317b7f25ccfc67d8eb0eeb5add1d15bb0989367fae341ee48bdf352d51df8f26a222bcec194e15ce17c31f3c40080ab8dd57dcd096b57bc54d1a4399
-
Filesize
1.5MB
MD53e79e0d69fbc50ffafc8cd17ae5ebd82
SHA1b6c9453499b56674b6b5bc81f3535f5800035ca4
SHA256d00bf27b86ace39fbe639b3e024388897181c452341cac0f066b79be122c9cf4
SHA5125c4acb3bcd4970674ed9cd7ec4f3f23acfb2b3777f49bd2421983976f3ab7015bc30bc57d29fb91c4e546b11fa9e9704b812bf86f910e58755000c5be841aa33