Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

7

paypal.apk

android-9-x86

10

paypal.apk

android-10-x64

10

paypal.apk

android-11-x64

10

Analysis

  • max time kernel
    4203229s
  • max time network
    146s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    21/10/2022, 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    paypal.apk

  • Size

    2.6MB

  • MD5

    16e991d73049f1ef5b8f5fa0c075ef05

  • SHA1

    79b5c686478c3db742666068d3835eb3409af32a

  • SHA256

    f4ebdcef8643dbffe8de312cb47c1f94118e6481a4faf4166badfd98a0a9c5d3

  • SHA512

    4b6709f86718a6348feb4dffbf9094594ae269b89a4ff7dac2c0d83f6320f46a3958711ad9c6e49121eedd0e47d5365d19275459653992366c62ce2d1643801e

  • SSDEEP

    49152:Y/cThIEUoEPCM0FjUT8uD4f14CUnA6CKe8NbLDMR:YEFIdP9q9GTn9CctX8

Score
10/10
ermacbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.121:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.baresucuvuzefa.feyi
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4087
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/oat/x86/iRFFA.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4121

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json
    Filesize

    456KB

    MD5

    2d3729402d72914c1922d6c6f352afce

    SHA1

    ee2a7f3c481283d8d0d3347e729ec73099fe23f0

    SHA256

    9f191ea1bfd45d523ccc0b47ac0801563cbc20b3d5dcbf88498e40af45405b0f

    SHA512

    99187a1bed193295389ca7f8f9b8f219deb82ae3a61d44454fc6d9d252c8d4a5e27a873d2df084ffa44d5c8dad9addc8f3cf7caaf22a49914bcbbfd65474e14a

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json
    Filesize

    899KB

    MD5

    965fabe77decb80204a46674a771b1cb

    SHA1

    47bfac4209ffb9e568458144dbe7ade26be10455

    SHA256

    6f3d8d5e7ddb9fd61b75fda383ec4cc50c4f45f0929bc899de6fa4f5f4f33325

    SHA512

    e3b64bd91811e483602ceea64394719a17d29fc7533ddf39032986083ecd80e958dc169b0ec4fe6d90382be90638a710b4fbca4031e896d7e025b9e1acb98b06

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json
    Filesize

    899KB

    MD5

    3f25cf0fc65072d0ef786ccc02e6cab4

    SHA1

    68708446ab20f368a1d69bce6fffb28778673a23

    SHA256

    c7b16251b4df9f184578ec65e41e5a29eaac6f23f922b3428b420a3de6fbb24a

    SHA512

    6f080430ad94cd172190390ee6fed11b968910ed43e89a4b5602d1127eadbce93b26f6ee779f194d68ab38ee2abfdc19447520b329fe9128e7c4c165ea2938a9

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/settings.xml
    Filesize

    136B

    MD5

    6eccda9809eb1a0469d837f6d709a5e4

    SHA1

    78e0de9f8683a3212cb92e3fed187d3570c280ee

    SHA256

    b93608fcdf6be4e1a5ac8ec1aa44fda38626d50290ceb7c4e86553961fdcf00d

    SHA512

    f6e04fe482f1e74f89c7eba7e19801f14a2babe6160d2f572f92f02b1bb9758eaac5311ed05872bd08aeec49ac29c5411b304a58b7807eef1bfaffd5cb414d54

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/settings.xml
    Filesize

    180B

    MD5

    b3cbd7bce88d10db084abed2aebce0d0

    SHA1

    441855630e7f881c2140e469408b1257d43d1c23

    SHA256

    9273d61c26d58ceb5ec2d86d1e1ae7a9486375b5864d68e37d2a371518bba3b8

    SHA512

    b4f43aedb6d8e6b31edae69bb1ef4bcb1ee71ecec5e07183d325c102c1dbe0525d2d2d8f6310fca1812b89178602220f2dcbad525fa96c771c5d7a83d5bfbf07

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/settings.xml
    Filesize

    268B

    MD5

    fe126063c139a6aa5ec1f0f956803f03

    SHA1

    4b24e72bc94ca310c0ae967b880719dbfb76a19d

    SHA256

    fcd89880278a7e2977e17f92056c901cc5492c6cfe5aeacf1ce5f8a258a43554

    SHA512

    3264dc3df947832e3175bb546cfa463e67482e4d05e6d5ebb02af2fe2d60bcd8c5789f3dca754b38fce1aece284ad95e9ed4edc498e5987f21107d70fde661f2

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/settings.xml
    Filesize

    312B

    MD5

    6beee4dd527ac308a90844539bb233db

    SHA1

    5939b0cbacb7aaa53db6e1f7a1be14d0fbcaca05

    SHA256

    aee06a7ea032364738ae61bf32b76dc63b47dd717816c3d954612713ca86639c

    SHA512

    d4985be57779ad119fbc7b19822cb8954d56543e2ca4a19207ed70e14f5d6f9b8b9d971e25a936f537e1342711922c8c83151b625ef444c1cd724377c36e9118

    Download Submit