Overview

overview

10

Static

static

7

5A29D563C1...1F.apk

android-9-x86

10

5A29D563C1...1F.apk

android-10-x64

10

5A29D563C1...1F.apk

android-11-x64

10

Analysis

  • max time kernel
    1458573s
  • max time network
    160s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    08-11-2022 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5A29D563C11DCA7D605D426C3269E75682B215D10CF5682B4C8044D5A34B501F.apk

  • Size

    3.5MB

  • MD5

    f56d57be9f495615154236c98c58c5cc

  • SHA1

    91a8d4482312ff2ac04b218789d4c18030610b9e

  • SHA256

    5a29d563c11dca7d605d426c3269e75682b215d10cf5682b4c8044d5a34b501f

  • SHA512

    3b45f6152aaf461ad00a2de8a1e2bed7faadcddba9aea71950b4d10b027e3b9837de7d555a1d93128a733c0e59c418b7ae62f733262a5cacdea0b4bfc9acf090

  • SSDEEP

    49152:P7MG0Ebz89nLkrTrp9FuuCC1DsgbV56VNmR1RW6Ndq33Hau13patLvxUlgNuFFM+:DM6zakfrD8uCQ562186Tq3beVJqOKF9

Score
10/10
ermacbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.121:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.zejabimebenofe.ledido
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4080
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/oat/x86/jfy.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json
    Filesize

    455KB

    MD5

    a5fbe07462fdd82c518c287681008e21

    SHA1

    2c70a7f77acb57839e92574bcea6c38ec5d0dcd7

    SHA256

    70f7c69c69e50e45b08f6689f6cb9571c51595cf268ecb01cd1c35a28e7bdddd

    SHA512

    f2555b0889779e28b39cb1fe841c359a222fda1c3a3427c948527ea06ca55ccce6d3634ad6665fa89141e422e82c7720e61889d91fdadaa4698a5ae955c4f31a

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json
    Filesize

    899KB

    MD5

    91cc38abc1b669f4adeea0d59a39f861

    SHA1

    8b68458e466fa12a938f830a43b8c91f161a5eb8

    SHA256

    e111566b6ff538c7822c486b76fd26697d3a9f5504cf5811b31afb8d9d602f16

    SHA512

    9c790b5a7eded2529be758a80b8bdbd2e815645461fe53ed871e88bf0f20828cb4e128f3a207903af22728c7409a8c3c6d0dc7ed145c25c5ec00b192088fca31

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json
    Filesize

    899KB

    MD5

    0fb1393e0f8689ff53eeac71986184b6

    SHA1

    28f19e22592dd47aad2a675c7c25fb040eca64c7

    SHA256

    ba84f3df748fd4a7ca47989e04b94b69b0a295a46f04011a982aff068783902d

    SHA512

    768d5edd17f65fbebea80631960648d2475074377b8aba285dd5c5b8f027362f47327e1e4d5f2b62c5971fc9e434af8746030f452ce5576b853f590222b2abeb

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/settings.xml
    Filesize

    138B

    MD5

    f648a03416ba9863e58d7cb2edb8965d

    SHA1

    2730779cd93ddf3c0c4d1891eb8bf6b7e38fbe36

    SHA256

    df045248c07cda5fd8db594566294c51596e0815f76ab25a9ceb0e787bfb0dc0

    SHA512

    d11ca62a27291453f1605f7837da3618973edf308e3445b1d69043e23373275f1c99b70b4b47d464aec9e637b940792cb2bc981ddae526681cf88834f105d649

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/settings.xml
    Filesize

    182B

    MD5

    57bc8a9bc73636589248c7eccab99eea

    SHA1

    93a861f3792a01790e6ce5f333d142827cec5fb1

    SHA256

    469d70f4e3fd295f0a832b5d2642c4052ee689bc7222b8f47e0436c544683e0e

    SHA512

    2075cb945b0bc86866d960fb5db96288f84bd10e00e9ef74502efe3b969033bddada49d931aa2fd8d12a24e0ad984f0c23bc40ee5d4cbb3f6ee397724ff99f43

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/settings.xml
    Filesize

    270B

    MD5

    1341c4c10ab866d1975a407ad13a4599

    SHA1

    b7423e3b68b59507d16161042a8d318b8c126e2d

    SHA256

    0f895908f1808d762aa53c2ec682dea0f8e85736b30c7f9145a9588f781edc35

    SHA512

    2ac4a18505bc6f40f0a71350382c5677e2315a64d4c5d4e5aa956bde2479dd2962f452dfa89186670e7e5f4729727574487c845b7dc31e076e923217ee62391d

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/settings.xml
    Filesize

    314B

    MD5

    3eca0fade5c72542d69297255354c3db

    SHA1

    bc1bb7dac45d74138effee8b44f19cc1b887a0dc

    SHA256

    ac654f2ff57355d36592d2cb9d03f6837c64e3f2d2bc5c2bbe19d24bcd196622

    SHA512

    52cf8305f1853776d0a552408f0845b648530283b8044d16356d973cd9067dcf5d1b123e6777597e14b5f6a52e8b31e51db2b757256bb6dde5126d8d25477efe

    Download Submit