Overview

overview

10

Static

static

10

dadf2f59ba...b9.apk

android-9-x86

10

dadf2f59ba...b9.apk

android-10-x64

10

dadf2f59ba...b9.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    180s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
  • submitted
    19/03/2025, 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dadf2f59ba0336e468370144affe3ac67c26107ed1d596acb9cf35956a56c1b9.apk

  • Size

    1.7MB

  • MD5

    8ac1d0861cbee7940253e4b8f0a1784c

  • SHA1

    d93270a4ed0b73c1c9de5250aa6b59277ebb228b

  • SHA256

    dadf2f59ba0336e468370144affe3ac67c26107ed1d596acb9cf35956a56c1b9

  • SHA512

    168c8070a103a3c8bcfbe8a4fbcbbb35a0769634d23ca922d3b0e5dd8d02d61d5220a01e6e6845b97b26aaa8a4ca28f80ff6659459abfff7c0c6c63450a9225b

  • SSDEEP

    24576:9lkEBm5zFdCJ62zpHAB4ZAbZOtLEZL2ELlKVm8t9RVxtcbifJiVkggSRvb:9lkyOdozpW9bZkkLlWm8DRKbikVdgS1

Score
10/10
ermachookbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

ermac

C2

http://154.90.62.12

AES_key

Extracted

Family

hook

C2

http://154.90.62.12

AES_key

Signatures

Processes

  • com.tencent.mm
    1⤵
    • Loads dropped Dex/Jar
    • Obtains sensitive information copied to the device clipboard
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4798

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/.google/libgooglev1.so
    Filesize

    326KB

    MD5

    609a5b818ea46513fe8dae39bc138727

    SHA1

    34458ea3b8537fca43efe8e3ff488ed9c83a56e6

    SHA256

    48f6991213387355b1a17e11124de4f0923944c3f2c4869e06fc96a742d9cd49

    SHA512

    9c06c480633d6449532f45c70d71866389a8d1ed6eb1cb9621a3a59d2542fe0a8cb911de92d148473d24af47f548a1321ddef09423cfe831a34c6cded20cd57f

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    590d5237a84c452f21147881aa7293cf

    SHA1

    2e1ed44f7f59852974880c46e96329f602261925

    SHA256

    562861245f08d7bd712c0250954d56cae0a170c32462a5f2ebb359f21c8ed5c5

    SHA512

    530f1c1286410a383e5d1744380c961a8809744783c462f2810d787555a3e541320bda59b9029f3e598da7a04d81e32032207fcceae21f62c7d3132a0f9ebbc1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    04f258d10faa5a04807f91e83f31ee23

    SHA1

    700d1f91b52e796647421a05d4a81c553d064289

    SHA256

    de18d072c74d09beade7e43672b4559d44ebc023eb71aa0f562de2da92613f18

    SHA512

    5da076096ecb49cbe72a143093d99ee89b0806a176b47720f33c9b29b4d7e791407d24c088992e753c75ba96cef8eede9ed46e6df0fad98d8ddcab9010d8fa18

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    112KB

    MD5

    67b4bc81dcb6cbc06241f17dddf4ee4a

    SHA1

    f2ad1c3afd0aa5078a39dfd7b45a674092da92b5

    SHA256

    0f83d70e1668a03ca118ec8c2a44f470d0c9c8b6df86c4fddf0b7908782721d5

    SHA512

    00dd121791f63b48f025fe284d7dfece51cdd0a7dd104b42fb24e9a19156ffe13174b0b6a95a8debcc432be85a8ab15dcfe303034caba79b15efb6ffc93cbe8b

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    177KB

    MD5

    d8828f2577c277a543f7c5ecf3e6b974

    SHA1

    57b2a0f223934334ad6839d0f786cd092ff60b76

    SHA256

    c4f6ec4b244fb044bdc4e57b4c2fc4c84533fbdd40d6ff24fe81f3d63000d61f

    SHA512

    1b4bc9e32244e961f22b7ebc6d67a26e157eebc2b1d21903d47074f6769af4957de10d7ca8461a76ccb5897f02e5d6b749759fec033c608f2137ce754ed389de

    Download Submit

  • /data/data/com.tencent.mm/oat/x86_64/[email protected]
    Filesize

    4KB

    MD5

    5b335b2cf5c2140e0cb3d574207304b9

    SHA1

    2172ff92327c3ac72dbd23273c978a29076d7ef3

    SHA256

    58286cc601f4d95c0bfc39c2800b96b89aa7b268378dfcddc7ea05faabdc2a71

    SHA512

    fbc41f82352744555ef40802298d2a3c8843d8a066225ec827d1c95db33578d02d5866c9982604172a437fb37402bf7c8885909691b904bad0f5c70a8b4716c7

    Download Submit

  • /data/user/0/com.tencent.mm/[email protected]
    Filesize

    2.0MB

    MD5

    40cb56a4d76414296a84bfed60b6c127

    SHA1

    6b2a5132dd77022708b2b9959737f8377a93a465

    SHA256

    9364ddf46fe1bf90cebac61bc7cbba8707de8158ce444a8fb43220dd50d0699d

    SHA512

    ea743dbf8e188e17589a443c49bbd07d5ebef8edd8a02b40f32bdd9fdbfcdcc63e298f6c4cbd27cfcd9033fc9382b30b0c5fec3e60e400f2dca34a40f5815a02

    Download Submit