Analysis
- max time kernel: 149s
- max time network: 152s
- platform: android-11_x64
- resource: android-x64-arm64-20240910-en
- resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
- submitted: 21/03/2025, 23:56
Static task
static1
Behavioral task
behavioral1
Sample
95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
Resource
android-x86-arm-20240910-en
Behavioral task
behavioral2
Sample
95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
Resource
android-x64-arm64-20240910-en
General
- Target: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48.apk
- Size: 18.0MB
- MD5: cee85954a7ef079b0c154f6b5bf96e84
- SHA1: b2074aeab78e029b63d5aeb5436f31a26c2ac1f8
- SHA256: 95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48
- SHA512: 484c2c6a34c9cc0879cced18926bfd00820aff5d28d025ee9eefe23c972e18c93766f22b07137f80c749a3180ff5666cd18427439a2323d018e6fd3eebb0d605
- SSDEEP: 393216:ugjuCiPE8U46gtpMAuGw8JaJCMzDIwDBbVAH6J+Kh:XuCl746mptuGwAQDDDAKh
Malware Config
- Extracted (ermac): http://95.215.108.115
- Extracted (hook): http://95.215.108.115
Signatures
- Ermac: An Android banking trojan first seen in July 2021.
- Ermac family
- Ermac2 payload (1 IoCs)
  resource: behavioral2/memory/4738-0.dex, yara_rule: family_ermac2
- Hook: Hook is an Android malware that is based on Ermac with RAT capabilities.
- Hook family
- pid 4738, Process com.tencent.mm
- Loads dropped Dex/Jar (1 TTPs, 2 IoCs): Runs executable file dropped to the device during analysis.
  ioc: /data/user/0/com.tencent.mm/app_float/ae.json, pid 4738, Process com.tencent.mm
  ioc: /data/user/0/com.tencent.mm/app_float/ae.json!classes2.dex, pid 4738, Process com.tencent.mm
- Makes use of the framework's Accessibility service (4 TTPs, 3 IoCs): Retrieves information displayed on the phone screen using AccessibilityService.
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId, Process com.tencent.mm
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText, Process com.tencent.mm
  Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId, Process com.tencent.mm
- Queries information about running processes on the device (1 TTPs, 1 IoCs): Application may abuse the framework's APIs to collect information about running processes on the device.
  Framework service call android.app.IActivityManager.getRunningAppProcesses, Process com.tencent.mm
- Queries the phone number (MSISDN for GSM devices) (1 TTPs)
- Reads the contacts stored on the device. (1 TTPs, 1 IoCs)
  URI accessed for read content://com.android.contacts/data/phones, Process com.tencent.mm
- Acquires the wake lock (1 IoCs)
  Framework service call android.os.IPowerManager.acquireWakeLock, Process com.tencent.mm
- Makes use of the framework's foreground persistence service (1 TTPs, 1 IoCs): Application may abuse the framework's foreground service to continue running in the foreground.
  Framework service call android.app.IActivityManager.setServiceForeground, Process com.tencent.mm
- Performs UI accessibility actions on behalf of the user (1 TTPs, 64 IoCs): Application may abuse the accessibility service to prevent its removal.
  ioc: android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction, Process com.tencent.mm (the same call is recorded 64 times)
- Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs): Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  Framework service call android.net.wifi.IWifiManager.getConnectionInfo, Process com.tencent.mm
- Reads information about phone network operator. (1 TTPs)
- Requests disabling of battery optimizations (often used to enable hiding in the background). (1 TTPs, 1 IoCs)
  Intent action android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS, Process com.tencent.mm
- Requests enabling of the accessibility settings. (1 IoCs)
  Intent action android.settings.ACCESSIBILITY_SETTINGS, Process com.tencent.mm
- Schedules tasks to execute at a specified time (1 TTPs, 1 IoCs): Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
  Framework service call android.app.job.IJobScheduler.schedule, Process com.tencent.mm
- Uses Crypto APIs (Might try to encrypt user data) (1 TTPs, 1 IoCs)
  Framework API call javax.crypto.Cipher.doFinal, Process com.tencent.mm
Processes
-
com.tencent.mm
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Reads the contacts stored on the device.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Requests enabling of the accessibility settings.
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4738
Network
MITRE ATT&CK Mobile v15
Defense Evasion
- Download New Code at Runtime (1)
- Foreground Persistence (1)
- Hide Artifacts (2)
- Suppress Application Icon (1)
- User Evasion (1)
- Impair Defenses (1)
- Prevent Application Removal (1)
- Input Injection (1)
Discovery
- Process Discovery (1)
- System Network Configuration Discovery (2)
- System Network Connections Discovery (1)
Downloads