Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

6

782628fb2d...42.apk

android-9-x86

10

782628fb2d...42.apk

android-10-x64

10

782628fb2d...42.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    782628fb2d316667fe65903efe6d4e9afdc7dbcafa0d5bf33203e0f6fcc40642.bin

  • Size

    4.5MB

  • Sample

    250306-12k4zazjw6

  • MD5

    d879ff85d5ce1b13f7deb565afb88588

  • SHA1

    6567693fd429aacaf2323f8a5862ca9ee7455312

  • SHA256

    782628fb2d316667fe65903efe6d4e9afdc7dbcafa0d5bf33203e0f6fcc40642

  • SHA512

    cce8ba50eb388330b34455ec1840c38d8fee998c869d8a99aab438780d22c110fb88d36a4a5d1fc74882b890e26533ee5e0e3ed4bd1b990ea37a62686661f962

  • SSDEEP

    98304:TSueyeMMn6GSdWJtU5HV7LrJ/OvwWKtD6LNaBJvPbMNixCivmjFOOWrb:e7pMMnx0WJtYdXcTKR2WlQjo

Score
10/10
ermachookandroidbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

ermac

C2

http://185.172.128.82

AES_key
1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Extracted

Family

hook

C2

http://185.172.128.82

AES_key
1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Targets

    • Target

      782628fb2d316667fe65903efe6d4e9afdc7dbcafa0d5bf33203e0f6fcc40642.bin

    • Size

      4.5MB

    • MD5

      d879ff85d5ce1b13f7deb565afb88588

    • SHA1

      6567693fd429aacaf2323f8a5862ca9ee7455312

    • SHA256

      782628fb2d316667fe65903efe6d4e9afdc7dbcafa0d5bf33203e0f6fcc40642

    • SHA512

      cce8ba50eb388330b34455ec1840c38d8fee998c869d8a99aab438780d22c110fb88d36a4a5d1fc74882b890e26533ee5e0e3ed4bd1b990ea37a62686661f962

    • SSDEEP

      98304:TSueyeMMn6GSdWJtU5HV7LrJ/OvwWKtD6LNaBJvPbMNixCivmjFOOWrb:e7pMMnx0WJtYdXcTKR2WlQjo

    Score
    10/10
    ermachookbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

    • Ermac

      An Android banking trojan first seen in July 2021.

      bankertrojaninfostealerermac

    • Ermac family

      ermac

    • Ermac2 payload

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Hook family

      hook

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

      evasion

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

      collectioncredential_accessimpact

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

1
T1603

Persistence

Event Triggered Execution

1
T1624

Broadcast Receivers

1
T1624.001

Foreground Persistence

1
T1541

Scheduled Task/Job

1
T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

1
T1407

Foreground Persistence

1
T1541

Input Injection

1
T1516

Virtualization/Sandbox Evasion

2
T1633

System Checks

2
T1633.001

Credential Access

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Discovery

Process Discovery

1
T1424

System Information Discovery

2
T1426

System Network Configuration Discovery

3
T1422

System Network Connections Discovery

1
T1421

Lateral Movement

Collection

Clipboard Data

1
T1414

Input Capture

2
T1417

GUI Input Capture

1
T1417.002

Keylogging

1
T1417.001

Screen Capture

1
T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

1
T1471

Data Manipulation

1
T1641

Transmitted Data Manipulation

1
T1641.001

Input Injection

1
T1516

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.