Analysis

  • max time kernel
    3209265s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20220621-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220621-en, locale:en-us, os:android-9-x86, system
  • submitted
    21-08-2022 07:21

General

  • Target

    4d291ffddce396d078d16f10c35d5e2e.apk

  • Size

    3.6MB

  • MD5

    4d291ffddce396d078d16f10c35d5e2e

  • SHA1

    1d9727aaf55191c9876e7c4b376dc2a6dd027a06

  • SHA256

    0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808

  • SHA512

    1157293368632554da526e7795b1761877333e9d8eba34ccb21a45305aa88d58781ab42e5a7dfcd279ed23cc6317c6edf0609a175927551919ef60994da02452

Malware Config

Extracted

Family

ermac

C2

http://62.204.41.98:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoC
  • Loads dropped Dex/Jar. 2 IoCs

    Runs an executable file dropped to the device during analysis.

  • Reads information about the phone network operator.
  • Removes a system notification. 1 IoC
  • Uses Crypto APIs (might try to encrypt user data). 1 IoC

Processes

  • com.cwblsehgz.ochxfcflb
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4388
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/oat/x86/base.apk.yakhfds1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4558

Downloads

  • /data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk

    Filesize

    1.3MB

    MD5

    51e8c5c7c71dfb080e1eb97c793e9f98

    SHA1

    67d1a9b9e93c3bc1fbe999d1462604cfe9326d28

    SHA256

    091d72cb1cfc62b88718dd21dd2a9f3d830d5ab584404be8b046bbcdb450c6e3

    SHA512

    202041e305571dc80ea18a8968234c3e6353c52a81f8f37a66e625b39b8d5adfc74f7760a56a5adf1f621dfbb40b6d0f469cfb5b41aa61c90f660292fb5bc3be

  • /data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk

    Filesize

    1.3MB

    MD5

    ec1169d8d6412e6cd1146dbb40833dc1

    SHA1

    9376b58dbf56de90045611b176f92ef65578dc67

    SHA256

    6d0e90239201e97f3a1711a2bd32e02cb6d242e078d9484db5188e45f0b15ea7

    SHA512

    d307036b4aa93bcc4b7a6069413fab6bb18e5ddc7a8a951715fb8872b97e47ba0ff42af8ee5f455edb20945fae686165b8ed00f14475f490dc80d37ef891746a

  • /data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/multidex.version.xml

    Filesize

    307B

    MD5

    3367fcca08ca113f682f5bb5a1c5622a

    SHA1

    a2af9e42cc29f90074f353cd8699fd0fb1d88c55

    SHA256

    5dde01b9b515a4d4366e6d8f119b98a4eed0b337bb6c9120fb869088734b99b7

    SHA512

    df3c5e51282a3ab442899c08c63a009c404df2f457ab1d9fd44f75d05666258a02d285fa313172d15db738c4130b6e711667bb73395a378b75e844af4405619c