Analysis
- max time kernel: 29s
- max time network: 32s
- platform: android-13_x64
- resource: android-33-x64-arm64-20240910-en
- resource tags: arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
- submitted: 21/03/2025, 23:53
Static task: static1
Behavioral task: behavioral1
  Sample: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
  Resource: android-33-x64-arm64-20240910-en
Behavioral task: behavioral2
  Sample: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
  Resource: android-x86-arm-20240910-en
General
- Target: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
- Size: 18.0MB
- MD5: cee85954a7ef079b0c154f6b5bf96e84
- SHA1: b2074aeab78e029b63d5aeb5436f31a26c2ac1f8
- SHA256: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48
- SHA512: 484c2c6a34c9cc0879cced18926bfd00820aff5d28d025ee9eefe23c972e18c93766f22b07137f80c749a3180ff5666cd18427439a2323d018e6fd3eebb0d605
- SSDEEP: 393216:ugjuCiPE8U46gtpMAuGw8JaJCMzDIwDBbVAH6J+Kh:XuCl746mptuGwAQDDDAKh
Malware Config
- Extracted (ermac): http://95.215.108.115
- Extracted (hook): http://95.215.108.115
Signatures
- Ermac
  An Android banking trojan first seen in July 2021.
- Ermac family
- Ermac2 payload (1 IoC)
  resource: behavioral1/memory/4480-0.dex, yara_rule: family_ermac2
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
- Hook family
- Loads dropped Dex/Jar (1 TTP, 2 IoCs)
  Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.tencent.mm/app_float/ae.json, pid: 4480, process: com.tencent.mm
  ioc: /data/user/0/com.tencent.mm/app_float/ae.json!classes2.dex, pid: 4480, process: com.tencent.mm
- Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService.
  description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, process: com.tencent.mm
  description: Framework service call, ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText, process: com.tencent.mm
- Queries information about running processes on the device (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to collect information about running processes on the device.
  description: Framework service call, ioc: android.app.IActivityManager.getRunningAppProcesses, process: com.tencent.mm
- Queries the phone number (MSISDN for GSM devices) (1 TTP)
- Reads the contacts stored on the device (1 TTP, 1 IoC)
  description: URI accessed for read, ioc: content://com.android.contacts/data/phones, process: com.tencent.mm
- Acquires the wake lock (1 IoC)
  description: Framework service call, ioc: android.os.IPowerManager.acquireWakeLock, process: com.tencent.mm
- Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
  Application may abuse the framework's foreground service to continue running in the foreground.
  description: Framework service call, ioc: android.app.IActivityManager.setServiceForeground, process: com.tencent.mm
- Reads information about phone network operator (1 TTP)
- Schedules tasks to execute at a specified time (1 TTP, 1 IoC)
  Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  description: Framework service call, ioc: android.app.job.IJobScheduler.schedule, process: com.tencent.mm
- Uses Crypto APIs (might try to encrypt user data) (1 TTP, 1 IoC)
  description: Framework API call, ioc: javax.crypto.Cipher.doFinal, process: com.tencent.mm
Processes
- com.tencent.mm (PID: 4480)
  - Loads dropped Dex/Jar
  - Makes use of the framework's Accessibility service
  - Queries information about running processes on the device
  - Reads the contacts stored on the device
  - Acquires the wake lock
  - Makes use of the framework's foreground persistence service
  - Schedules tasks to execute at a specified time
  - Uses Crypto APIs (might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 427B
  MD5: abe28289dce0a17a02cba981ba2c06a1
  SHA1: 6704448d94d213cb854149d814e4cffa6e752c89
  SHA256: a2ab035f05077dfa33dd7635ae9328952a829991e4af990f57e6b6e78c66303c
  SHA512: 00cdd7a09e0a61c1fd0b0ff8c80216ce86bc6461299fcb596e212bbabb7a2c5be4debcee36c11429365656e9f5ee3c8a384963ce5d50901c2bc9e6ff63959f70
- Filesize: 4.6MB
  MD5: 75fa606b2ba5ee9adb624489eef627af
  SHA1: 26d1fdeb0dbeb669f5b011bbd1adb458d190e044
  SHA256: bdf758d57938b0be1e478e1c667e7e7047f1b382d4688bc3469166eda3b76913
  SHA512: e329f0e665f665b294a0dd1c0b23715a3969959871675fdcb33ab2e12cf2956ae174c23d92898fc8383aa19b5a8a4930a7b38adbe6ca75bbf1e24cb7e6ef205e
- Filesize: 4.6MB
  MD5: 5da1dc144fe6be7e31699d25eec3106d
  SHA1: 484b172b3c81b730d8eace4d383fe40cfbe0f022
  SHA256: c4eb9a17fcad492854a115259ebd3ecb71a8d3a5b256fbfa93cc387f20353174
  SHA512: 76f72d016fe4ddb9934d4edfd85daf1a5df983993b57d1f26a06679c3e3b9f1e9199a36ff51c85381841d572fa273303dec0410e5db8c1850e4149c00ee64c3f
- Filesize: 9.6MB
  MD5: 2f1cbfd8f5d1d4bd5c56b5f7554594c8
  SHA1: 3426b8c27135ce94604a651fb1872a2145f26562
  SHA256: 523b57f3022a876df57f98a418f20af69088843ef32a3e97a6b3548a64c5b416
  SHA512: 80b0b43db36215c70e5ad5cde7676d364b0bea5885cc219e86b29d9f651df9bda4fcae5809bed8b3c268bbaf42ed225617a194c25386376ec199c5eb4fd4e9da
- Filesize: 2.3MB
  MD5: 8a23a0d9bb51f6c9b1f787fe3659d491
  SHA1: e0a66629741d1008f450c2ed7983f63c94dfc6b8
  SHA256: 9d042a053688e8f020530fea0e2b994e4349d941501c2474349215b7361e503a
  SHA512: 9d49e3351dc1780eb0fae2e680534d4e62ec7b1322abe234a69b786da869ed67a53a75b8026b7fb280b2accab9995b8ca590e4389e0ee76baab4d2712318ca95
- Filesize: 24B
  MD5: 6628b9c6bccd1e5b25066b64f2b3cda0
  SHA1: afb75de72e6e41ab572bff119752474b602c1f0b
  SHA256: 59ec288e067bf528786d9f089d3a6009d856993bc7a81158af2e8e978bdab1c2
  SHA512: 568cecbf70737f20207f01283c26e29c4a19730b3b670b11a589d809801cd5136ab0b29b97461b06e2b13f5c14bb7a7dacce7d4fcdea9ae9be469fe6f271cb8b
- Filesize: 8B
  MD5: a4518a5e2a71c77a33d5fffcd2e2326a
  SHA1: edc8620250ba8b3f8c5e4aac43141900211ae016
  SHA256: 027f0f4929b13a18e875d214999326c2f4ba10a4f512978139a0d35d124fbf2a
  SHA512: d99818ce9568b95f4e8e9873b2a23bd6da5f3f448c69748464b74dcef1b45c394cd7d3de6cb5c4ec5758bde470623a4ee04b544c76d2d5fa366166a068ab9e5e
- Filesize: 4KB
  MD5: 0eb157e1a86d4d00aa601dd2f6ff3ee3
  SHA1: fee434f784e73cc7916322e949f727caf8363102
  SHA256: b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4
  SHA512: b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8
- Filesize: 512B
  MD5: eadf003d7c95f3b05185d456b819b230
  SHA1: 73c3edaaff962bc4ade5048597a0e82fab012e6e
  SHA256: 38df4549ff67522b9c87690ed00a8f451fc499eefac96e1a4756a9e91f68f978
  SHA512: b4e5af1b1de8cb704ec0e349222a018bff3b17c3297f12cf44ff0bf32ada4f67bf64e088c0ea2cd9b3f9ea43f655e27c578524c53449e1da876f5f936e220e0c
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 16KB
  MD5: 695d4dcb3635681eb0c903ffc8426ff7
  SHA1: 4ee8ad77e18cc02fea96b895f50b4d97228695f4
  SHA256: 602efbee7da9e8280a956f530b4cd90c94292af257f45e88b165d1ba84e99f09
  SHA512: 9e05fcdec4e9704129c869eda30f9d27f9b0e19f6d8796a9611f3ecf31a1f4cbce9059363c61060022f3f31f0998c80f57811d92f86c9ddd4272a968e99034b9
- Filesize: 108KB
  MD5: c851e30f8b80ca3277b18a451f22a061
  SHA1: 3011137ced15ea5e7b6af9f99af138521a22f37b
  SHA256: 09ca010447877eede6307a41f0aef61783bcec1a56387b4dceb2de43c9b6a86f
  SHA512: 0fc770cd31cd9db7769c258a5d1b9b2248eef9d68124aa5bf72dd5700ae68597fc58faef8f62f6e411c95efbfc9e69ef3062d5b61965610dc7b127396caeca7b
- Filesize: 173KB
  MD5: 0fbbb09ef646e87b19f02fc93955272c
  SHA1: 88cc8500f01cdf5564e5abeb4b75b97196972726
  SHA256: c6e127b19d618f2b5094a5e44749bdffa83220b1f3c2c20c3740e874b3cbedb6
  SHA512: af48a5ad5e7ad05ce694f70ac85762b5c5944cdcdc4d14cad766349468cc7cf71e196ed5081d6c71c6daaaedd8ed37187022c48a3597f5e8f68c5018b9ac9cb6