Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
32s -
max time network
150s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system -
submitted
01/03/2025, 22:02
Static task
static1
Behavioral task
behavioral1
Sample
808b2efcfc28db5b072445482c8123231fd00258d5b3761a6536a3347df2f008.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
808b2efcfc28db5b072445482c8123231fd00258d5b3761a6536a3347df2f008.apk
Resource
android-x64-20240910-en
Behavioral task
behavioral3
Sample
808b2efcfc28db5b072445482c8123231fd00258d5b3761a6536a3347df2f008.apk
Resource
android-x64-arm64-20240910-en
General
-
Target
808b2efcfc28db5b072445482c8123231fd00258d5b3761a6536a3347df2f008.apk
-
Size
2.9MB
-
MD5
6acb44a2a17eb24da5f51b9bf7dfbfe2
-
SHA1
86c6c15e204f7bcc8f18d6e672dbdfe3226030e2
-
SHA256
808b2efcfc28db5b072445482c8123231fd00258d5b3761a6536a3347df2f008
-
SHA512
599f3c2fc349d5f04a088f4e3bf1e0628a6ba1ed04e7e1c9d18c85da9e6bc929263cfd83780d89a85cafca37489864a6107ea5c904aca048c99b22ba85712670
-
SSDEEP
49152:7DHvVps5b5ByeH97lLqHe+7sdT0+XFrkzGqZ9/j7L7EhYVAqaf8OpY7lPAxhK8xE:7DPVSmoVdPFrkzzZ98LfDEAhgJMvyB4e
Malware Config
Extracted
ermac
Extracted
hook
Signatures
-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac family
-
Ermac2 payload 1 IoCs
resource yara_rule behavioral3/memory/4777-0.dex family_ermac2 -
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Hook family
-
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.tencent.mm/app_DynamicOptDex/miQpStX.json 4777 com.tencent.mm -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.tencent.mm -
Queries information about running processes on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about running processes on the device.
description ioc Process Framework service call android.app.IActivityManager.getRunningAppProcesses com.tencent.mm -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
description ioc Process Framework service call android.app.IActivityManager.setServiceForeground com.tencent.mm -
Reads information about phone network operator. 1 TTPs
-
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
description ioc Process Framework service call android.app.job.IJobScheduler.schedule com.tencent.mm -
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.tencent.mm -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.tencent.mm -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.tencent.mm
Processes
-
com.tencent.mm1⤵
- Loads dropped Dex/Jar
- Obtains sensitive information copied to the device clipboard
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
PID:4777
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
702KB
MD59b27046e8007dded0e9963257fd1c044
SHA1b65bb1f70731e5a20435269d99906ef0653e5bf0
SHA2561430fae1e99473a5c9d8d047777741e370c7cb94f14db778e889b357d869d7e4
SHA5122289b005955b987be1ec0890bd68625ae3b1c7ad5c853013b93ba396b5f9dd28d0a51c595d0b96b1d8918f11598c229a6a3c1e92a1fb6ce70297f23392fc793b
-
Filesize
702KB
MD5b4ed5beb81681a541c94df8be1a50b13
SHA1ced1fa6359857864ff2af7e54c6f47e8b2013ef9
SHA2569f1c37243f247c0e555422da0754c5d90b51249656dba266d9741541bc3c6726
SHA5129a4c6b62a015fedbe9c168f4ba3544fb3f440f2bb2574fdb0f5658e5b422689837d8eb18ee47b31994808e90d7f8e0cb23a49aa31878d75f973191203bf63bf8
-
Filesize
1.5MB
MD5998753d51562c21f97f24a706e88fb05
SHA1ac7536f8d79055812ff1bb1eb9c7d9859fb552b5
SHA256f74f6f912ea01034f43112487a31bd8e3f3df7ccffa8804c6e6ec9e1995678cf
SHA512b021c1cb0426d24b54b80fe1bc8c056cfac077f616e04e8b5554e34ee31433dc40fb638ca226f00f8e6f2f6350fec643dd7972bacb509f55132aa1f82eff2c1e
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD5dd9befed121855897c185ffeccababd4
SHA11ceac5a5fc168767a741cf4c55c9e9b310d55cc5
SHA25635df3733185d0ba1a569eb7a93a813ce57e54199753e1523c67cd8cccb3f14d5
SHA5127b3be3f26dc97dfa2dbdb3a901d27ae298e3393561ea7ef0c270848153b0581cd89c75c1a898e476412157be1c512217d012dd851f92be706d4ae0d370efe5f5
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD545b547a72815314531bdbfdf86f12efb
SHA1d67181e95a3c84a4d3314084273cc9003b8e666f
SHA2566fb33e59c7790913b166e8c6ccb3563f5c3e9e48ce76b50fd321cc199eb627df
SHA512357f3a102e6865ca66b007da7bebe818654afa2c60662d26dd67e014b26c0ae1c3fb86ec24da42d8ff69b38be7d061fcd1d3feca7affaee670793eed233e8696
-
Filesize
108KB
MD5268a60c8c8c6cc2a63d05a581025cff5
SHA1a520f3c2bdefaeb1b3e47850c072943766f1fb3a
SHA256bdbee3b4b2bc9774097d109fe1b8e853ab3b4d90c0058182b4ce643458354f1a
SHA51212072a01e9eabb1d3b46a55b664dbc1b2d559683488f958d512883336f99e727e9260b89037a484db13af73e905fe612eb8ad6a97042697579e5c8d790a3758b
-
Filesize
173KB
MD5d931934301b547a171b2ce31c35a11c5
SHA1b3533d34cd256c7c9bd02d31040910d49bacbd3e
SHA2567b1c5130c063a985e10c23f21a6e19d8155bd4b4d7c54473ff11c797bec72819
SHA51217bda8e59aac07be3d5bb0a318f4a617466386e2837025271f421d18f78a217f50a74fdd6cb2d459d990515fa3354feabbed6566cc1b0b49e9571b27f96a7201