Overview

overview

10

Static

static

7

0892942b07...08.apk

android-9-x86

10

0892942b07...08.apk

android-10-x64

10

0892942b07...08.apk

android-11-x64

10

Resubmissions

08-01-2023 07:12

230108-h1hy4sgd3s 10

30-08-2022 07:07

220830-hxmswsddgq 8

Analysis

  • max time kernel
    2419813s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    08-01-2023 07:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808.apk

  • Size

    3.6MB

  • MD5

    4d291ffddce396d078d16f10c35d5e2e

  • SHA1

    1d9727aaf55191c9876e7c4b376dc2a6dd027a06

  • SHA256

    0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808

  • SHA512

    1157293368632554da526e7795b1761877333e9d8eba34ccb21a45305aa88d58781ab42e5a7dfcd279ed23cc6317c6edf0609a175927551919ef60994da02452

  • SSDEEP

    98304:cN6uQZn8I4hoe+t+wgBxtxvAoJ+g2EtoAO2:cEcoft7kL1AdEtoA7

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://62.204.41.98:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.cwblsehgz.ochxfcflb
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4847

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.cwblsehgz.ochxfcflb/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    73e58cdf0e96385e9267f5b146875851

    SHA1

    531e15dc24cbe0cfdbbaf0999f29559c4d818e99

    SHA256

    38bd4c9d2d2d471c9b75ad2c844887cf53ff43e75eb1bb46483f86c1c8b01487

    SHA512

    3f509cac4c5243d27f5d0affdd6c0c337dbf6b8403b5c99f46d92ef135bf7707f9896744959f9e6409d72bd8e0b24688a101bc53b52fa7bfb1d82f36ca64b2fa

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    84c25b4585b5c1c135fe2dedade6d065

    SHA1

    cdb599ef4786752c936e212aeee6a80bb17a775d

    SHA256

    cf0d474cf6ba5a65c6e7a2b1e53e3c44edb72013b903acc7013dc64ad7a45fc5

    SHA512

    853349da435c55225ebdf1db77c8b33cfe75b91c04f7171e2275a924afe8fb38289924a98cb882af220426d909af4ce381a2043a55445e452aa21cddba0c3c4d

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/app_webview/metrics_guid
    Filesize

    36B

    MD5

    9fc25f7210cefad013c86c4a3973b217

    SHA1

    620bbfea3231b5b077a791f019293fa7f363c0f7

    SHA256

    838f1e0280c30e7316ffe92bef574ce07489818e035713e4870d5fa9a2b02f58

    SHA512

    4dcab8a7a7c2d9f28faaf49dce6751b59932e6bf5a56e30f2a9bd6c14383c41fa6dbd9aff824eee04f335fd6595f6fef53f9a8c19b30dd72702393eafb33e15e

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    ea815f0d3822da93fda5e438ec95ce34

    SHA1

    ef6992e8f002b841b49415b97d79647598f6de21

    SHA256

    4e47e7591b6e889a9cabe52e6acd1186d1daf6613a3de8393b83a76d1b98e590

    SHA512

    9b851472b12ffaa867a54ec03ff44f03074be814ddb909d20da3254cd203e648f41625fc6024ca4bc09109e5565c722465c091dbcb24eb0698d097c7bd48f66e

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    e8d794b583d8b0fac73945266fc2c2e2

    SHA1

    365587af24937f374084e50dd973f3ec59539bfa

    SHA256

    171f83bb5173dd11cf58919eabab01c36a66b603ed4de3c498d6b9c611791339

    SHA512

    c420ac920f5c5258fc4c82ad68945f933e12960789a30da04a96236196753048edceff40daaf5eae4a2e9ea606ee539acd99917d4f1d6aa9b49027969c22f41b

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/khkjgU8hgy/dga6oI6gbIHjs4j/base.apk.yakhfds1.hkk
    Filesize

    1.3MB

    MD5

    ec1169d8d6412e6cd1146dbb40833dc1

    SHA1

    9376b58dbf56de90045611b176f92ef65578dc67

    SHA256

    6d0e90239201e97f3a1711a2bd32e02cb6d242e078d9484db5188e45f0b15ea7

    SHA512

    d307036b4aa93bcc4b7a6069413fab6bb18e5ddc7a8a951715fb8872b97e47ba0ff42af8ee5f455edb20945fae686165b8ed00f14475f490dc80d37ef891746a

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/multidex.version.xml
    Filesize

    307B

    MD5

    1a4ae69ee0c48d9edba9f8825fa49dd7

    SHA1

    d253030fef31fe3c46b1ac2bd82f380d0b594ed1

    SHA256

    908ae53bce169983f4f2e328f8691e2e39f175a296f5b655bfd2943058b6e397

    SHA512

    250c5b906482491d82d1b950ac4bce003c683174f6ae054aca5919163aa7174474c3e33602b04db60dafe1f54c9c673952e328d24e45da9658b6fb16a3a3536c

    Download Submit

  • /data/user/0/com.cwblsehgz.ochxfcflb/shared_prefs/settings.xml
    Filesize

    136B

    MD5

    c1a63b5ae58b62543ee749e603103150

    SHA1

    481fc83cd43b64f7bb6871477cfa88c97af47e99

    SHA256

    f7054481fb168942e5307f9ccc1c648e5aa512613b435de5c5cf6a17cec8411a

    SHA512

    ef685a6d98698ccd4cfada380738c7f4a7027fa79bb095a3f6770aa4b5f37549adb0180aadc39acf5bb73aeed1ce1230253fba3a4f5bde40df4d1de7ff36d87d

    Download Submit