Resubmissions

07-11-2022 15:28

221107-swmrlsgadl 10

27-04-2022 09:17

220427-k816rseadp 8

Analysis

  • max time kernel
    1384036s
  • max time network
    15s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20220823-en, locale:en-us, os:android-9-x86, system
  • submitted
    07-11-2022 15:28

General

  • Target

    easy.apk

  • Size

    4.5MB

  • MD5

    2cb58ccb6461e4fe22bb22c0a5f78f9e

  • SHA1

    c3b7edb3536045d3b81ad53c10405f04cf63bb3b

  • SHA256

    67ea3d38bed6ccdaeb3d929edd5afed9b1563d284a291f96e5bfa1c440e1a6dc

  • SHA512

    7245bebb6d9ef67469c6e7ece51f7fd8c74642cf2be7dd3a6519fc1c2ac7d196628db6f773ab939cb4386c180546dfdf5be930e0a8e3981d066a62b25768a913

  • SSDEEP

    98304:X9Aa3ecc0RLn60fR/1pL2LtrTCqcXuJt+jMWdJQ:XCOx2tc5MWdJQ

Malware Config

Extracted

Family

ermac

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload 2 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.blyyglzra.gcptyqoak
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4035
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.blyyglzra.gcptyqoak/tyjjghkggi/dGd97dgghohgy8f/base.apk.heUUyjG1.oht --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.blyyglzra.gcptyqoak/tyjjghkggi/dGd97dgghohgy8f/oat/x86/base.apk.heUUyjG1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4073

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.blyyglzra.gcptyqoak/shared_prefs/multidex.version.xml

    Filesize

    307B

    MD5

    b1074aaa5e3a196fdbc360efb888cc6f

    SHA1

    0bb22b772936ef3f0ae0a58a355ebb4862ef2634

    SHA256

    78755a9b116fa2fddb631868ebf42ec4b4d716f428805a2cfc9753ad342ba7d2

    SHA512

    2fae1ec6e541c52838789b7ec4922efafcde9bb1d9cfdd35f6031a84ad15ef148f933b962668bd22ad84b44157fa29bd94519160e337455747caf0518a7ea112

  • /data/user/0/com.blyyglzra.gcptyqoak/shared_prefs/settings.xml

    Filesize

    136B

    MD5

    4daf813392aa372d8c146e024f95496f

    SHA1

    f81fde61a7e98f538524e5ece6a5084116dc2d50

    SHA256

    12befdd7862a215128730c89b70053357721a91f7528a226a307c4824a6fe761

    SHA512

    0be7cfe74cff83c686828ca49e55f1939ab1a0a5ffedc4547b0633f87714531a95b6ce7a258fd283b97e8afed9c1a82b6ca2f7f3e222d3eccaea6e4f03f260d7

  • /data/user/0/com.blyyglzra.gcptyqoak/tyjjghkggi/dGd97dgghohgy8f/base.apk.heUUyjG1.oht

    Filesize

    1.4MB

    MD5

    6a9504e8a50aa3e33f824b864ca814a6

    SHA1

    51a81afb0e55f14ece0002188b70e1707c8d8c31

    SHA256

    bbd73a3e6222b9fa11482d05848c9958be853404c5b364a27f269d143fefdbc1

    SHA512

    cb62fab63dccb4cb19aa476e5031a3c528a312d23d40095e1655a1e8d88fb362b826f1dd83e090e16d51299d7d4bee4ff452acbb412f5a1037a451dee8a782c9

  • /data/user/0/com.blyyglzra.gcptyqoak/tyjjghkggi/dGd97dgghohgy8f/base.apk.heUUyjG1.oht

    Filesize

    1.4MB

    MD5

    9a7d633f75564ce5efa3b07fe0256742

    SHA1

    7069a052192c0f23309909d7ef2d831c0be628ed

    SHA256

    c9d6b21411d4e89cf0b140240c74a406bf1138075c7c47e07231ec3fd84385bd

    SHA512

    119bb85e808620b4ac977084e8b19b88e72ede53d3e06498ca8af3d2f6e8be50b00deea56d572a71ea92287d8622efe08c7566301d06d154f9f23ab617617638