Analysis
max time kernel: 734553s
platform: android_x86
resource: android-x86-arm
submitted: 28-09-2021 09:41
Static task: static1
Behavioral task: behavioral1
Sample
1032b42c859c747bcc159b75366c3325869d3722f5673d13a7b06633245ebf32.apk
Resource
android-x86-arm
android_x86
0 signatures
0 seconds
General
Target: 1032b42c859c747bcc159b75366c3325869d3722f5673d13a7b06633245ebf32.apk
Size: 3.5MB
MD5: 6d0e90efb33350b609519767b67d4433
SHA1: 22ee7082758470720ddab2d89fc7b045b3779294
SHA256: 1032b42c859c747bcc159b75366c3325869d3722f5673d13a7b06633245ebf32
SHA512: 7298b90d7e49cade426cd502a51b13d958c92a587d07f59beb6eb7e35a61f658d3b0efb9a4b061e7b059755fa916af7bed05b0834ea0fe1a56a2aa701ed7180f
Score: 10/10
Malware Config
Signatures
Ermac
An Android banking trojan first seen in July 2021.
Ermac Payload (1 IoCs)
resource | yara_rule
behavioral1/memory/4742-0.dex | family_ermac
Loads dropped Dex/Jar (2 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.lzllwgqflhaaol.fieyihzm/mvhxbmeffl/lplhvkplxtggzpf/base.apk.rbzrgxu1.xnm | 4772 | /system/bin/dex2oat
/data/user/0/com.lzllwgqflhaaol.fieyihzm/mvhxbmeffl/lplhvkplxtggzpf/base.apk.rbzrgxu1.xnm | 4742 | com.lzllwgqflhaaol.fieyihzm