ermac | c6c30839e1e885d4a54fe9d8d3a68b3e1c79e27e15c9a76907ba58a954d8476c

Analysis

max time kernel
3418147s
max time network
161s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
12-10-2022 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6c30839e1e885d4a54fe9d8d3a68b3e1c79e27e15c9a76907ba58a954d8476c.apk
Size

2.8MB
MD5

24b1ce69f7066a7bc9bc32e3c969d8d9
SHA1

f36ff949217f3340a717a0e5a4d079b254b876be
SHA256

c6c30839e1e885d4a54fe9d8d3a68b3e1c79e27e15c9a76907ba58a954d8476c
SHA512

d0ef9542547fa0ad59facd30ed4ee2b18e5db8ba98ec87ef6585182047f8dd070d8ded12c9e0e1d8b9bf36b67e395dd0d78028d0e33a4f269ce6e9e015627367
SSDEEP

49152:kQrHl7Y+DlqP9DGrd7Rr4f+D3A7Mu2az5Umfu6VoBlmF0kotnITqK:kQrHhY+D4P8FRHD3A7bKmfXVUwF0kebK

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

http://31.41.244.187:3434

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral2/memory/4755-0.dex	family_ermac2

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zixudahitifo.gicu/app_DynamicOptDex/ZnXAwQI.json	4755	com.zixudahitifo.gicu

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zixudahitifo.gicu

com.zixudahitifo.gicu
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4755

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zixudahitifo.gicu/app_DynamicOptDex/ZnXAwQI.json

Filesize
444KB

MD5
4d3809f5a4fef02c10481b9b1b1d99ae

SHA1
98c904448966a87ef716c54059a3f5d3b742e89e

SHA256
7293c3bd06c36eff25632488bd2d84d0b22917a14bece9464fd777177ffe2ee2

SHA512
3735cf0d6407590551a60767315a199d546114ff7b78102ad4ba346807f2a3196ee7cf09b219a9f66df46c9adb271a1f86a4fb580e5f29bfed05374e7895d731

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_DynamicOptDex/ZnXAwQI.json

Filesize
911KB

MD5
c16712257cf7c12470bf2a199b0cd54f

SHA1
ebf57d2d80e6ad46d45a0eb84b8e59d8dffbd5ff

SHA256
432c766cb9e36d58b08319a5beb7f0176b394be06c6778f9bd0c6e23a3b81365

SHA512
5b9f365575f22faca096230e18e508128ce728c8c9acdf0bd7f86b1f39e145d402b8ba574c497835e788a2ed500737decf49a635c1ff936061ea412187a0bb12

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/Cookies

Filesize
64KB

MD5
9b23e6a88d5a95f155f205cb04b93cd0

SHA1
b62dccbbef087a0731f226b96d15d35d8aa5e5fc

SHA256
f2f3c3c0c7f085399a6f9a464c1ac30a59ceeb5a4b7026286fa5609e6e8ef857

SHA512
bce5f25d98e2e8296c4101b62082dcb6a43902f3431ff6f725e41be6b9aece76e887ef94c4818baf4da845708fd76fd51c37fb6915710c870647593868f27482

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/Cookies-journal

Filesize
1KB

MD5
8fac6f59348a0303f6bccfe99751ca87

SHA1
87a1cb59c149f92fe64a05abc62af6d2ebb0a199

SHA256
618ec47102203dfd958eb30d9f698b3a1e00e1716cd6c4a94640346184a2a904

SHA512
089bea7d43bc6da8c1a1394fd8922f320755c3eb461788540890eb24aaccb27a514b06f259694be9099a8270120e8d7e5a1729c71cf3780191a8ff0cae96bc43

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
077062aecfb3fcb197a493687e962644

SHA1
73d4920dcc6e65a1da2bf247e3411b9e20c0b70f

SHA256
9a3a6027bf69bf0982e0bbc99c79c9d0e43ac243dde141f346c3ec916836d997

SHA512
0a4b5291fd96d5479a7b9854522fc815352cfedd7f67b115ab68e153d47005b979768139e3526c30439b1979eed3af682468bed789e9f467504e4c54d9c881cc

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/Web Data-journal

Filesize
1KB

MD5
5548dd02b50417849944e3c081af608c

SHA1
359643c46982884a44b57f18ff1ee842c5039c04

SHA256
4ac6c5ae636366c39a56f09eb9b435263e4a1f7c294d6b8a0d7e26d56b7d706c

SHA512
4f4da772bb73e60dc92a989c1320a58a8d5eeadad42c12fee17257699af0fcf003b18ab231922b629dbc9bf09b9d2f64370f54b344fc2edd85a84b6c14198110

Download Submit
/data/user/0/com.zixudahitifo.gicu/app_webview/metrics_guid

Filesize
36B

MD5
fec33cd0e9d4f70cada64e86985d59c1

SHA1
982ed9e0834aa439e3af99c08d62a433af018b41

SHA256
aaf0cd078a229327fb54b29d96b8155dd2f6b93b033e2d89a04c9056962adf9f

SHA512
8fe0e2d1a9fa432735038e4e1c4e5358ebf37513356f988e378285d7c263886987257a81eb5f5565ba956088c41539bd14c147dbe77c786786c041203ede6b14

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
6505261805c151f01a4333f82bc8916d

SHA1
6557b730064a3868de25269020bbc296a9360c7f

SHA256
4c60f659514800dbbe22f7bfef36b0dce944cc09fa09850ffbd24fbc4141d707

SHA512
ab62b7ac5ac59420fd652a86db85563944d6f645a7cf2c4c77cbcf134eb4a2d4258471638400758c3e482dca988fe242ed54b9243211c4400e80fca43dcafd96

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/1dc40779bb8387b8_0

Filesize
426B

MD5
c07d7507c03bb4d253ab2167d85d889b

SHA1
993a9bf6018f41dea1035458c332ead67f421266

SHA256
4a4f655ed5b28fd7cab963e9a28ca012dd589e30a355a792392791933983bbf0

SHA512
d11f76751fb0ab2f1f9dcbf44abed06391301c1d1c005d0fb73ca0dd9caa72bc7c4813e0d41be9feff4ef381e4fe15d55c8ee637c79a18effb57688f9be17193

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/4c70d54a92cdffb7_0

Filesize
514B

MD5
d0493d3c4a8e6137aa8e26ff54a4183d

SHA1
faacc3d8daeef1216f1121f30205ca161f2b80fb

SHA256
20dd7a255bd273d4eee47bf8e6ddcf8f352655a727fe98f0ed86c5ec559d6daa

SHA512
62c54532d430a7a536cd010a72c05c154b343f27713558b78ee604053be95a14722e877ef4d27908e9a63ce2cfbf69adcec213e4ca278e5d8520266e5653bdb2

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/74a997b66d0f8136_0

Filesize
492B

MD5
226f67a9739004e14e2c06efa687f9f0

SHA1
c229ce9617f08c3e7a8206e73448ca0625808bf0

SHA256
800726bcbc84679265d57df2f28839b480f5abd922fb5781e5eef88a8b3146bb

SHA512
715af6a606bc40efb251af04469c84d870752609ffa185dc3f8ed66c6981d14aa614d2fe6e3b5741b99b40e2307fdc9f770c04a1722f2ea45338e8ed6e1da8b6

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
e77705bd9ea184e1d3c9d3b991fb1dcb

SHA1
6632c96e0dfe80bc434abf5fd874649eef3cc66e

SHA256
de82e08ce1762ef3f1577ad6ac964344d1c09f504d64b432bd330fd398f660b7

SHA512
a0d4b82389d49a7ce00335dfdc60abf9e23375828abe0108cc956c1c42b7877d36b3b58454861e45f6f02587d35a1f6ff8cf9d91a6208c535bf032797028060d

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/a63f6ad0ba0d5e6b_0

Filesize
310B

MD5
f91eff3cb5c07e7abeff212154a65cb3

SHA1
1babe495c117ff4a070921a55ab2aa97a4941207

SHA256
956425034ffb1ceba3e40d161917f2ebebbedf29d0971fb17afb2ab3d5e810f7

SHA512
da43248a533a1a467aaaa189a7ad258088d83455913f3511cbd6a30355a3b5e298ffd0c6b322feb96e7b97d254d7a82071bd35294f6dde42390f90fe18e6aa4d

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/c4c671fa17cf644a_0

Filesize
472B

MD5
b7a81901d138938c2b6345078748c4dc

SHA1
62b46882c34544e670c1ab28f25479f1d6edc4d7

SHA256
21c0cca083c2d97aebf8177cddec34f581ee58381a6cd03f5b1a1005e48535c5

SHA512
90e8904a5c2da01d3cfdf0cc1d75a15e179f6c86bae11c1989d77308e0d798cf20865718a7b8fed0a34f2d03e06fdefe1ac8e4cd7a9f3c68960265e2d9e69dec

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
240B

MD5
597c4b857e56242a8612f744e88756b1

SHA1
94362b273f39340f8549fdbd8d6d3acedf3ce020

SHA256
799fe8f640abc29174768f8df07a4dc14d233e221f6e8ef67a456600945c555d

SHA512
c789b795536c0873fa6a6ce6fac86f33c93f72275b9a743404c55ad46953822e7630eddf37cac220dbfd2a9c2685e4236c8796f47285904a06b62a826db86ba1

Download Submit
/data/user/0/com.zixudahitifo.gicu/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
796a0c41d7cf3e980f50acad7cb24c22

SHA1
1e82b64f90f56ace1f3354917db4d2adba04197c

SHA256
8978977141c35b012963c26a456b1d96c4e61637f02607d8a63102263daa99aa

SHA512
64147fb3052f86d4ff49bfffa0777fc9e21aeb3a9e57e059f6769f874e2d8db690309e2affedbe0a926accf04f70b08d524b7c544f4b1c7e6c16d7d619a7d243

Download Submit
/data/user/0/com.zixudahitifo.gicu/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.zixudahitifo.gicu/shared_prefs/settings.xml

Filesize
134B

MD5
f770197dee8ab5ace13f325d8f7999fd

SHA1
c199cc8f2bc121a6ddb8d2b61922ed4c3797995b

SHA256
a98f1264aab26b21d005fecbb0db2e746bd2b24ae04c3dbae162f6436206e3cc

SHA512
de3ab342f0b02ab96e97bfc25a73dd250f4d699517b78b5a89d62ea2c136598046173f4b49ca3060b05b077420e26682eb0f1bbd2d1855f06331cb9180920897

Download Submit