Overview

overview

10

Static

static

7

ermac.apk

android-9-x86

10

ermac.apk

android-10-x64

10

ermac.apk

android-11-x64

10

Analysis

  • max time kernel
    185823s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    13-12-2022 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ermac.apk

  • Size

    2.8MB

  • MD5

    4241a3067b87e687be063feb545fc3c2

  • SHA1

    05d7fe38dd0b7f2132a9e7e9f0cecf585debbb65

  • SHA256

    ea832ffd966341b068065875ce11cd5f3021487475947322ec8cc93af6f6f4f9

  • SHA512

    9f9719e5079562413daa2d5d06893dfac55202029c8ecd9959ba246a417b30ed031fd72d59e8929b6579aeefd9f0d20d2c5cfd932fa80f57ba70a329a597a4e6

  • SSDEEP

    49152:B7MG0EhsS++NP4feDJCSnviujng53+mmaIHYXKOdpbyHQwz356Vd:xMMs0rJXbjnUOUDbywwt6/

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.116:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.yakiminamodalixe.yeki
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4757

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.yakiminamodalixe.yeki/app_DynamicOptDex/BoL.json
    Filesize

    456KB

    MD5

    d7eac7fe74d66dae172ec38998426d48

    SHA1

    98bc80c68c952d491fedd9d2f5bbadcb24c4205a

    SHA256

    048b642df3d107bc8e174e20c1ee046e199dbb9a57c06354e7f89b4b9e6d814a

    SHA512

    9235f70fca71c044cf944d339fa84e9cd745aefd778cd87f0171f553e5c71c95ed08ad9b893b2293b37a685871d0512810160c933b497ce34c07f4552bc99036

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_DynamicOptDex/BoL.json
    Filesize

    898KB

    MD5

    ebacab6e940475ee3fca9138e359a9a6

    SHA1

    e81586cc2ed81e0965f3aa9564582e7444e007cf

    SHA256

    3d18939b0a6e724e31423dfcb146013e8fb992db47faa08e271d951728cddeca

    SHA512

    65011451ee2957e18806b2f0da2023d77101ef7d5997b40b98f3d9c544f54b0c54ec934b49f96341947b9adcb65e42daab04a72a57864f1264127085055de632

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    5cf6a38263f507ca9c7b5e16d8b7ac6d

    SHA1

    a312a6a38d11307b0708dd3507a1421bc69d97d6

    SHA256

    54602f8b08ec686110b208b90e2b7f9692555983d63879b390cf803de65c8629

    SHA512

    43b9f19bf87cfb03c678b6279a05d856a77ecc753f3a96071a48a2ef14571c80dc4ef2001a48d4628a84babcf528ac71a793d81c5f7b488abb4a864f84210d10

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    986fa2c9f630c87d8a5a0110e0bb56ad

    SHA1

    2fadaa9778a0ad20106885c53552a953b2751f26

    SHA256

    b519c6f6dfe54734bdf6ddc9e90837a50e9774775094355d7df5fecd4580f863

    SHA512

    6a12391cfaa18519ed51b27c9c67acc9f77c9bef16bc5741aa0d30261bd2484b5c8783744c1104580418cec10f5b6a87116cd038e08a8a6e1af9b0223e8c57ac

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/app_webview/metrics_guid
    Filesize

    36B

    MD5

    0a629d2f22a28811dc874e27aadee1d8

    SHA1

    b78fbf273b659756dceb92dd68e3a171d75d4fe5

    SHA256

    f509bb0d471683dc70fca23c339e6cfe5592a97d4c0c4ebb387a7879a57fb3b6

    SHA512

    01de070928382b5d6886595d5df34df19b54fedac6de539019c4163e165bdc4862125c678582e26c18a75fdd57f63753080d6c4546a2eb9f26ed3d8caaf80dfe

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    4e06d87b35db321c36ccaf1b2645a4c9

    SHA1

    5e1fcafe5a57134b993363123aa4b4077957a40e

    SHA256

    8bd3f075ce8e2abd7e9ae2f9eb2b3919c22fefaa3b1904055993cfb4d6c08a5b

    SHA512

    be430f1a33d8d8ade36f48b743e9424e84f91d543181f060fe20975784ccdd50dedc8e8bec009f5ae8af12d03520ae5489869ca3fd5fd5e1e5ef288a8e6d7e9c

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    a8ac1484bfe963b70e3b1f3c98e14d44

    SHA1

    db3d265eac609b3434d56cb6cf70ba2427ed0aa6

    SHA256

    425b74fc313bddc9e52610f6ed106772a1fbe199621e443a0c07e3f0d2e37f60

    SHA512

    0a9ca4c62b6a28536b1cfa5eb87bfa186af02a9ecff1b84831454ac3e94ba30e38d40dd5d521d1e26b43b0076523a415cb07128c6700d6534edb52959dd7f9a2

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.yakiminamodalixe.yeki/shared_prefs/settings.xml
    Filesize

    138B

    MD5

    8ca59ae379c52c7144d27c9e385cf61f

    SHA1

    a12d7304299667056881807a61aa0578f84bf648

    SHA256

    5b41094c3b36b5e1fa1eb1d582d3984bec4c9a860243633a25bedb12c2f60969

    SHA512

    0b966df34a9a950416494bd3ff5352862a826274c0658e3012bd6fd25ce09f36c0d3d0c6992c91dab484ddba4c9632d60668ff26b5b4237dd5cad43d6ae9fc0c

    Download Submit