Overview

overview

10

Static

static

7

paypal.apk

android-9-x86

10

paypal.apk

android-10-x64

10

paypal.apk

android-11-x64

10

Analysis

  • max time kernel
    4203254s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    21-10-2022 12:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    paypal.apk

  • Size

    2.6MB

  • MD5

    16e991d73049f1ef5b8f5fa0c075ef05

  • SHA1

    79b5c686478c3db742666068d3835eb3409af32a

  • SHA256

    f4ebdcef8643dbffe8de312cb47c1f94118e6481a4faf4166badfd98a0a9c5d3

  • SHA512

    4b6709f86718a6348feb4dffbf9094594ae269b89a4ff7dac2c0d83f6320f46a3958711ad9c6e49121eedd0e47d5365d19275459653992366c62ce2d1643801e

  • SSDEEP

    49152:Y/cThIEUoEPCM0FjUT8uD4f14CUnA6CKe8NbLDMR:YEFIdP9q9GTn9CctX8

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.121:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.baresucuvuzefa.feyi
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json
    Filesize

    456KB

    MD5

    2d3729402d72914c1922d6c6f352afce

    SHA1

    ee2a7f3c481283d8d0d3347e729ec73099fe23f0

    SHA256

    9f191ea1bfd45d523ccc0b47ac0801563cbc20b3d5dcbf88498e40af45405b0f

    SHA512

    99187a1bed193295389ca7f8f9b8f219deb82ae3a61d44454fc6d9d252c8d4a5e27a873d2df084ffa44d5c8dad9addc8f3cf7caaf22a49914bcbbfd65474e14a

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_DynamicOptDex/iRFFA.json
    Filesize

    899KB

    MD5

    3f25cf0fc65072d0ef786ccc02e6cab4

    SHA1

    68708446ab20f368a1d69bce6fffb28778673a23

    SHA256

    c7b16251b4df9f184578ec65e41e5a29eaac6f23f922b3428b420a3de6fbb24a

    SHA512

    6f080430ad94cd172190390ee6fed11b968910ed43e89a4b5602d1127eadbce93b26f6ee779f194d68ab38ee2abfdc19447520b329fe9128e7c4c165ea2938a9

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    77a2db01c13094c623936447445fb62e

    SHA1

    e7e9ea58f16323388a66036900d058d86486be4d

    SHA256

    0dcad1b7ad6b587991648588d1460a43cf4371ac25d1f569544bc4ed1f32a8ea

    SHA512

    f9649a3fef2b9c567587ba538a95524fd7d42808c01ded4b0476fdf6579a285a1e667955e1e2f3e2877d3d941348ff5de41681500b533a260e6f4eaf387ee8ba

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    deadf8d37ab06ed296091b6408d1189f

    SHA1

    7e69deb69f68e1d0b5a5c547f1cd800ad9ad7295

    SHA256

    7a6894c2bb9d2548bc7fb651734ce9e4e9167aea035a6df83708b0bb458e8351

    SHA512

    2909500d36c69044ebb3a881ff4813ea33e7cedfc53cb0442820c68f87c57189f6d17e4e9313de249336e775823c69046e132fc2a46d88233af53406deec2a7c

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/app_webview/metrics_guid
    Filesize

    36B

    MD5

    ff2bc97dd1219f6f6eb9ce5e5fe33601

    SHA1

    8c44aa269feadbc97b00b19b3c591b233ede4885

    SHA256

    62269f5837e348ba8ec0517d0bdeb4f741d1905ded0d8b2991e317b1527544b5

    SHA512

    4b7c36379e1b386cea8302b88f4577ac907ff98a31316fd87fd9ce2fe6af2f740d0bc00968ca2d7b05414977d0cb838431b614af3ac7db1f1d222733aa22f9d4

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    1006d5d99a3b5d803d3f7f4adde9046a

    SHA1

    d4b4dceecdc6b6915995bb18e76f0c5ff59d715e

    SHA256

    4225dcd95a3adeeea167fbd3e2f0bd008f78f3c9fd6cf0fc1829092c51b7c22c

    SHA512

    17f7701ac569e9ceffb2bf9411b74865ba13cfc9aef97591f9d7bccd1cef32eec7105f57125012a1dfe11f86943e70deb71f3ab5ba53c54adbe8148ddb95436c

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    b232df822c2c4b867fa907fecb46966a

    SHA1

    20d99ce979b22e9814b1c17a1d0470ca1c03e117

    SHA256

    439dceac804fa40559aaab3b19e21eccc394042e7ff538612b71896e3484c711

    SHA512

    355fc23f8658f5bff73956a1a816971e3b64d3bdd6db9ee30a94b33e85b58e6562be9ffe6499f0776b33fde2e3b6ee615fb8e4c542424181ae6d91c05186615e

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.baresucuvuzefa.feyi/shared_prefs/settings.xml
    Filesize

    136B

    MD5

    6eccda9809eb1a0469d837f6d709a5e4

    SHA1

    78e0de9f8683a3212cb92e3fed187d3570c280ee

    SHA256

    b93608fcdf6be4e1a5ac8ec1aa44fda38626d50290ceb7c4e86553961fdcf00d

    SHA512

    f6e04fe482f1e74f89c7eba7e19801f14a2babe6160d2f572f92f02b1bb9758eaac5311ed05872bd08aeec49ac29c5411b304a58b7807eef1bfaffd5cb414d54

    Download Submit