Overview

overview

10

Static

static

7

easy.apk

android-9-x86

10

easy.apk

android-10-x64

10

easy.apk

android-11-x64

10

Resubmissions

07-11-2022 15:28

221107-swmrlsgadl 10

27-04-2022 09:17

220427-k816rseadp 8

Analysis

  • max time kernel
    1387791s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    07-11-2022 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    easy.apk

  • Size

    4.5MB

  • MD5

    2cb58ccb6461e4fe22bb22c0a5f78f9e

  • SHA1

    c3b7edb3536045d3b81ad53c10405f04cf63bb3b

  • SHA256

    67ea3d38bed6ccdaeb3d929edd5afed9b1563d284a291f96e5bfa1c440e1a6dc

  • SHA512

    7245bebb6d9ef67469c6e7ece51f7fd8c74642cf2be7dd3a6519fc1c2ac7d196628db6f773ab939cb4386c180546dfdf5be930e0a8e3981d066a62b25768a913

  • SSDEEP

    98304:X9Aa3ecc0RLn60fR/1pL2LtrTCqcXuJt+jMWdJQ:XCOx2tc5MWdJQ

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://194.26.29.28:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.blyyglzra.gcptyqoak
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4762

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.blyyglzra.gcptyqoak/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    318c2c5d4fbbd288bdd549d656a4e4aa

    SHA1

    3cadedbb08b7dcd089988ee32c55eea4c168b0e5

    SHA256

    da0f9dab8c412ecc543b947bcb917dd61f6e7948e56e4c9ec62d45e108ba80d6

    SHA512

    30314eea8c87d9083bceb8cacd00466b17ae57b1fef188076b4283c760f0355f020f20d2d3c29b42570fcfbe3c35cb913bb1c7282cce93f5d772c2ae14bd2298

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    0e91f77da815e56e8b25e2e28ae9eedf

    SHA1

    e23833455b3b5d4b895e33a0b5567b8e5c5f71f2

    SHA256

    9d7e4cb73340418719c01f0833967393c37c77acd8f509ffa31487bf1b989f61

    SHA512

    8f999ad76aee1c263f6ba0c134c87284196fe5328a9f28ab641494b00f0105e0fea972e8fdb05d936a763b24b5bd0437a6f45a997453e0625d0ed2bd2ccf7290

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/app_webview/metrics_guid
    Filesize

    36B

    MD5

    a80fb3e30305093806a9e2c5a8b99b47

    SHA1

    74c681c0cd2b903b3958983b6033e92996aaca4f

    SHA256

    782d7b3caba06248b4d08399de448bbb7d58b8bcef34f85aea2eb6d1e98d1906

    SHA512

    e49c79c5bb060d53593caa6124c2682c5727901525c0ad83512393a31e068720396143945e0c9c249a4af7f76188658f09308fc02b7e5ed9a82d519ca16f1eac

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    40990ad2fda17933bad017f54e7d1973

    SHA1

    21810e01061ee335098ca2e20a404397609b1463

    SHA256

    47cfa054d193972f5b8a4af8025a16c73e0563c4dea2a9555aa3fd7c32ecdc22

    SHA512

    d2673a96637bf464bdeea6b52d9ba32847aa5cedf9d19aeff456408e838fe25a6b1074aad2b1b0b41384c26fc932b5eff776de88703ff5137a1e440342121a8e

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    f49c3a7baa679302a5d480d60ec039b2

    SHA1

    2145c53f66df0dd1238cf12bf6aa0cfbe2c8cf0b

    SHA256

    d0f9a83b80b01e58601f604bff33c9889637ce42ee20118b7c5f300d45f885fd

    SHA512

    f57d16f2441cea418047a283053091cf419ada566ea395ff8a2e59e7c0426748f1d7e735bb761236df1c99553948b6b3156f5f5f3846cd0b9381224730771ac4

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/shared_prefs/multidex.version.xml
    Filesize

    307B

    MD5

    29d88090302dbe6bd5c095bd901a5c73

    SHA1

    a623b74b93d13efcfedb502dcb14c39aae81b580

    SHA256

    9aee58135379954cac01951d49dea297c9e82f4d6cb97c275aae01c1948d15ee

    SHA512

    c441830b761ccbffe06f714b223cb2f1e738272fe175c4a90aa0fe072fa88e400608a6ad9b97a75f6551d09e832718dcc1fdf13ab4959a32717a6b8f575ec3f4

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/shared_prefs/settings.xml
    Filesize

    136B

    MD5

    4daf813392aa372d8c146e024f95496f

    SHA1

    f81fde61a7e98f538524e5ece6a5084116dc2d50

    SHA256

    12befdd7862a215128730c89b70053357721a91f7528a226a307c4824a6fe761

    SHA512

    0be7cfe74cff83c686828ca49e55f1939ab1a0a5ffedc4547b0633f87714531a95b6ce7a258fd283b97e8afed9c1a82b6ca2f7f3e222d3eccaea6e4f03f260d7

    Download Submit

  • /data/user/0/com.blyyglzra.gcptyqoak/tyjjghkggi/dGd97dgghohgy8f/base.apk.heUUyjG1.oht
    Filesize

    1.4MB

    MD5

    9a7d633f75564ce5efa3b07fe0256742

    SHA1

    7069a052192c0f23309909d7ef2d831c0be628ed

    SHA256

    c9d6b21411d4e89cf0b140240c74a406bf1138075c7c47e07231ec3fd84385bd

    SHA512

    119bb85e808620b4ac977084e8b19b88e72ede53d3e06498ca8af3d2f6e8be50b00deea56d572a71ea92287d8622efe08c7566301d06d154f9f23ab617617638

    Download Submit