Overview

overview

10

Static

static

7

5A29D563C1...1F.apk

android-9-x86

10

5A29D563C1...1F.apk

android-10-x64

10

5A29D563C1...1F.apk

android-11-x64

10

Analysis

  • max time kernel
    1462193s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    08-11-2022 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5A29D563C11DCA7D605D426C3269E75682B215D10CF5682B4C8044D5A34B501F.apk

  • Size

    3.5MB

  • MD5

    f56d57be9f495615154236c98c58c5cc

  • SHA1

    91a8d4482312ff2ac04b218789d4c18030610b9e

  • SHA256

    5a29d563c11dca7d605d426c3269e75682b215d10cf5682b4c8044d5a34b501f

  • SHA512

    3b45f6152aaf461ad00a2de8a1e2bed7faadcddba9aea71950b4d10b027e3b9837de7d555a1d93128a733c0e59c418b7ae62f733262a5cacdea0b4bfc9acf090

  • SSDEEP

    49152:P7MG0Ebz89nLkrTrp9FuuCC1DsgbV56VNmR1RW6Ndq33Hau13patLvxUlgNuFFM+:DM6zakfrD8uCQ562186Tq3beVJqOKF9

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.121:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.zejabimebenofe.ledido
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4761

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json
    Filesize

    455KB

    MD5

    a5fbe07462fdd82c518c287681008e21

    SHA1

    2c70a7f77acb57839e92574bcea6c38ec5d0dcd7

    SHA256

    70f7c69c69e50e45b08f6689f6cb9571c51595cf268ecb01cd1c35a28e7bdddd

    SHA512

    f2555b0889779e28b39cb1fe841c359a222fda1c3a3427c948527ea06ca55ccce6d3634ad6665fa89141e422e82c7720e61889d91fdadaa4698a5ae955c4f31a

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_DynamicOptDex/jfy.json
    Filesize

    899KB

    MD5

    0fb1393e0f8689ff53eeac71986184b6

    SHA1

    28f19e22592dd47aad2a675c7c25fb040eca64c7

    SHA256

    ba84f3df748fd4a7ca47989e04b94b69b0a295a46f04011a982aff068783902d

    SHA512

    768d5edd17f65fbebea80631960648d2475074377b8aba285dd5c5b8f027362f47327e1e4d5f2b62c5971fc9e434af8746030f452ce5576b853f590222b2abeb

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    6489e0cf1bd77cd47c3eb8526e732d0b

    SHA1

    d6fdcf9a4d2157fd06075e5ec20a7e9f68e41dbc

    SHA256

    532ed06705c8e4ab6352a64dbc5196aa851bca75b20a6c0a8fde995c6a458831

    SHA512

    e09de592fd5de4963e532fd583d7aa78f75429fc42fcc497d4b98db8e7994784182332b6e76b1da83fb23519e2eb1bc73a0f4240357a0226a2797fbec9785b56

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    bcbc0b527cc4557439af3d5bb6770fb3

    SHA1

    c7326143dc95156450015bab8f2bb172af0e42f6

    SHA256

    2590e2006318765d32eda80f75d93fb65dc10afa2455ddf5b53b15f7ff874f53

    SHA512

    8586a15b6d7763afc326c4000bf550e22f2170a238561a35eaf58d1a384374ea3a65b51037a5900acdcd802d15146033cc3af9ae759953b9897d432ff03c1a24

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/app_webview/metrics_guid
    Filesize

    36B

    MD5

    b7dc15d4f92f09c1f46d85f96cddc343

    SHA1

    df128a9c0d081710322b9b9a0da3c0f8b56edf20

    SHA256

    2d0e7acb3050c74ffd6b246861618d7301942d1de89f1cde6cfe057bf00a80a3

    SHA512

    b3f3adde356b1d53709b4b41a56d3202f05c90eb348c3eac29131c8c76a61668916c7fe523d744db52430cec132e736f50bc0e19aaf8f097240734b821850ebf

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    1356050de6c13f384ee5a373560d23f6

    SHA1

    4c3893a2238c92cd8cafe934014df81306d0243e

    SHA256

    926234e0774bb123a095ab86756ee0ca1757da5fab6faa1d7305fc294017dbb9

    SHA512

    169cad114858e80ce227f30cf5ddb5f153777f452931c4c2675110c299a91a16d54207daed66cee44c5280b9234e462fe87dd928d302f5fb20f7d196ba3bdf5a

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    f1c7df8c6290e7f86b251c37654934b1

    SHA1

    5305197ec8fc6376a4939202f5a0911d5dc06a04

    SHA256

    21b5b8cc7f3f90887a4f60a900df608497259fae8f23dc1f5517e8dcef42d19a

    SHA512

    6bf232360f6d9e1eb9f3a09fd684aae6ad50c784add07894e6d1ace0c53ebe8b03b7eb5b7abadc7d217864194a2d988e01672cfc809bea6bb0de60fac51a2fcc

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.zejabimebenofe.ledido/shared_prefs/settings.xml
    Filesize

    138B

    MD5

    f648a03416ba9863e58d7cb2edb8965d

    SHA1

    2730779cd93ddf3c0c4d1891eb8bf6b7e38fbe36

    SHA256

    df045248c07cda5fd8db594566294c51596e0815f76ab25a9ceb0e787bfb0dc0

    SHA512

    d11ca62a27291453f1605f7837da3618973edf308e3445b1d69043e23373275f1c99b70b4b47d464aec9e637b940792cb2bc981ddae526681cf88834f105d649

    Download Submit