Analysis

  • max time kernel
    29s
  • max time network
    32s
  • platform
    android-13_x64
  • resource
    android-33-x64-arm64-20240910-en
  • resource tags

    arch:arm64, arch:x64, arch:x86, image:android-33-x64-arm64-20240910-en, locale:en-us, os:android-13-x64, system
  • submitted
    21/03/2025, 23:53

General

  • Target

    95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk

  • Size

    18.0MB

  • MD5

    cee85954a7ef079b0c154f6b5bf96e84

  • SHA1

    b2074aeab78e029b63d5aeb5436f31a26c2ac1f8

  • SHA256

    95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48

  • SHA512

    484c2c6a34c9cc0879cced18926bfd00820aff5d28d025ee9eefe23c972e18c93766f22b07137f80c749a3180ff5666cd18427439a2323d018e6fd3eebb0d605

  • SSDEEP

    393216:ugjuCiPE8U46gtpMAuGw8JaJCMzDIwDBbVAH6J+Kh:XuCl746mptuGwAQDDDAKh

Malware Config

  • Extracted

    Family
    ermac

    C2
    http://95.215.108.115

    AES_key

  • Extracted

    Family
    hook

    C2
    http://95.215.108.115

    AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac family
  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Hook family
  • Loads dropped Dex/Jar 1 TTPs 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service 4 TTPs 2 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Reads the contacts stored on the device. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Reads information about phone network operator. 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Reads the contacts stored on the device.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4480

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/misc/profiles/cur/0/com.tencent.mm/primary.prof

    Filesize

    427B

    MD5

    abe28289dce0a17a02cba981ba2c06a1

    SHA1

    6704448d94d213cb854149d814e4cffa6e752c89

    SHA256

    a2ab035f05077dfa33dd7635ae9328952a829991e4af990f57e6b6e78c66303c

    SHA512

    00cdd7a09e0a61c1fd0b0ff8c80216ce86bc6461299fcb596e212bbabb7a2c5be4debcee36c11429365656e9f5ee3c8a384963ce5d50901c2bc9e6ff63959f70

  • /data/user/0/com.tencent.mm/app_float/ae.json

    Filesize

    4.6MB

    MD5

    75fa606b2ba5ee9adb624489eef627af

    SHA1

    26d1fdeb0dbeb669f5b011bbd1adb458d190e044

    SHA256

    bdf758d57938b0be1e478e1c667e7e7047f1b382d4688bc3469166eda3b76913

    SHA512

    e329f0e665f665b294a0dd1c0b23715a3969959871675fdcb33ab2e12cf2956ae174c23d92898fc8383aa19b5a8a4930a7b38adbe6ca75bbf1e24cb7e6ef205e

  • /data/user/0/com.tencent.mm/app_float/ae.json

    Filesize

    4.6MB

    MD5

    5da1dc144fe6be7e31699d25eec3106d

    SHA1

    484b172b3c81b730d8eace4d383fe40cfbe0f022

    SHA256

    c4eb9a17fcad492854a115259ebd3ecb71a8d3a5b256fbfa93cc387f20353174

    SHA512

    76f72d016fe4ddb9934d4edfd85daf1a5df983993b57d1f26a06679c3e3b9f1e9199a36ff51c85381841d572fa273303dec0410e5db8c1850e4149c00ee64c3f

  • /data/user/0/com.tencent.mm/app_float/ae.json

    Filesize

    9.6MB

    MD5

    2f1cbfd8f5d1d4bd5c56b5f7554594c8

    SHA1

    3426b8c27135ce94604a651fb1872a2145f26562

    SHA256

    523b57f3022a876df57f98a418f20af69088843ef32a3e97a6b3548a64c5b416

    SHA512

    80b0b43db36215c70e5ad5cde7676d364b0bea5885cc219e86b29d9f651df9bda4fcae5809bed8b3c268bbaf42ed225617a194c25386376ec199c5eb4fd4e9da

  • /data/user/0/com.tencent.mm/app_float/ae.json!classes2.dex

    Filesize

    2.3MB

    MD5

    8a23a0d9bb51f6c9b1f787fe3659d491

    SHA1

    e0a66629741d1008f450c2ed7983f63c94dfc6b8

    SHA256

    9d042a053688e8f020530fea0e2b994e4349d941501c2474349215b7361e503a

    SHA512

    9d49e3351dc1780eb0fae2e680534d4e62ec7b1322abe234a69b786da869ed67a53a75b8026b7fb280b2accab9995b8ca590e4389e0ee76baab4d2712318ca95

  • /data/user/0/com.tencent.mm/files/profileInstalled

    Filesize

    24B

    MD5

    6628b9c6bccd1e5b25066b64f2b3cda0

    SHA1

    afb75de72e6e41ab572bff119752474b602c1f0b

    SHA256

    59ec288e067bf528786d9f089d3a6009d856993bc7a81158af2e8e978bdab1c2

    SHA512

    568cecbf70737f20207f01283c26e29c4a19730b3b670b11a589d809801cd5136ab0b29b97461b06e2b13f5c14bb7a7dacce7d4fcdea9ae9be469fe6f271cb8b

  • /data/user/0/com.tencent.mm/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

    Filesize

    8B

    MD5

    a4518a5e2a71c77a33d5fffcd2e2326a

    SHA1

    edc8620250ba8b3f8c5e4aac43141900211ae016

    SHA256

    027f0f4929b13a18e875d214999326c2f4ba10a4f512978139a0d35d124fbf2a

    SHA512

    d99818ce9568b95f4e8e9873b2a23bd6da5f3f448c69748464b74dcef1b45c394cd7d3de6cb5c4ec5758bde470623a4ee04b544c76d2d5fa366166a068ab9e5e

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    0eb157e1a86d4d00aa601dd2f6ff3ee3

    SHA1

    fee434f784e73cc7916322e949f727caf8363102

    SHA256

    b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

    SHA512

    b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    eadf003d7c95f3b05185d456b819b230

    SHA1

    73c3edaaff962bc4ade5048597a0e82fab012e6e

    SHA256

    38df4549ff67522b9c87690ed00a8f451fc499eefac96e1a4756a9e91f68f978

    SHA512

    b4e5af1b1de8cb704ec0e349222a018bff3b17c3297f12cf44ff0bf32ada4f67bf64e088c0ea2cd9b3f9ea43f655e27c578524c53449e1da876f5f936e220e0c

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    695d4dcb3635681eb0c903ffc8426ff7

    SHA1

    4ee8ad77e18cc02fea96b895f50b4d97228695f4

    SHA256

    602efbee7da9e8280a956f530b4cd90c94292af257f45e88b165d1ba84e99f09

    SHA512

    9e05fcdec4e9704129c869eda30f9d27f9b0e19f6d8796a9611f3ecf31a1f4cbce9059363c61060022f3f31f0998c80f57811d92f86c9ddd4272a968e99034b9

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    c851e30f8b80ca3277b18a451f22a061

    SHA1

    3011137ced15ea5e7b6af9f99af138521a22f37b

    SHA256

    09ca010447877eede6307a41f0aef61783bcec1a56387b4dceb2de43c9b6a86f

    SHA512

    0fc770cd31cd9db7769c258a5d1b9b2248eef9d68124aa5bf72dd5700ae68597fc58faef8f62f6e411c95efbfc9e69ef3062d5b61965610dc7b127396caeca7b

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    0fbbb09ef646e87b19f02fc93955272c

    SHA1

    88cc8500f01cdf5564e5abeb4b75b97196972726

    SHA256

    c6e127b19d618f2b5094a5e44749bdffa83220b1f3c2c20c3740e874b3cbedb6

    SHA512

    af48a5ad5e7ad05ce694f70ac85762b5c5944cdcdc4d14cad766349468cc7cf71e196ed5081d6c71c6daaaedd8ed37187022c48a3597f5e8f68c5018b9ac9cb6