Overview

overview

10

Static

static

7

2ea7d595e0...d8.apk

android-10-x64

10

2ea7d595e0...d8.apk

android-11-x64

10

2ea7d595e0...d8.apk

android-9-x86

10

Analysis

  • max time kernel
    3756782s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    23-01-2023 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ea7d595e0e7965f4fedf7f3012261e3d47f618f1a7043859b3cd1c006a4a2d8.apk

  • Size

    2.9MB

  • MD5

    8f860fe68a5aa80a0f38c8e0e85de95c

  • SHA1

    1c4a40dba1fb6a8e63bbc75e53bf807b91805bba

  • SHA256

    2ea7d595e0e7965f4fedf7f3012261e3d47f618f1a7043859b3cd1c006a4a2d8

  • SHA512

    b4097b4384476844388b37a8666b52600a8904d41c088a089185386e4e7648caeaf9006c4186a11518b86fb9bd5c38145ab2386c5448f805e44d02399b957280

  • SSDEEP

    49152:R7MG0EbYQK7uHt4fjdhIxVycny6693XxKRXefHHWbnh:BMkYQK7uFM993XtHHWbh

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://176.113.115.66:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.yezigojopivubifo.fiwini
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4743

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json
    Filesize

    470KB

    MD5

    e6e3bc2c9c97b3dd53168ea0dacb6efd

    SHA1

    3d6278a8e489b0a8811f67e3525402fcd4c49987

    SHA256

    7393bc1e32d7ebb95c707ea896dbb01df955a5ffb44f252ca1a4baf8e62382d5

    SHA512

    7e6b23a07aa0922c95bf2dc5ed901ef2af325a309d3a19007308148a43756bf2c1e15bc90262066c2b3cf60e31dbfae52ac6511eacc76221f8b096c216f9cbbc

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json
    Filesize

    914KB

    MD5

    dc60437a70d5874fb10411f14e7fc05d

    SHA1

    fda795a8f702b9bb1cb9a0c1092b7adaf79a6246

    SHA256

    5a6ab43208493afa4490df150cfbc09135837108e7dde27461e00b9f5c4f2ea2

    SHA512

    dd8d33eb749a9fb8ac8bd1061bf7da6629a3cd15d9088518a4d418a443ecdc1d9875101a8262c29f5a7357a31d988e2baa743f6570058ee7beff9326bab94cfe

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/shared_prefs/settings.xml
    Filesize

    140B

    MD5

    5e69cd265d07b62e49c407373bb0b6d7

    SHA1

    96cc78070eda1d3636e521bebcecd03d54aaea56

    SHA256

    d988e621dc5d05e84c85c347f37f68c00593d8205ac0824df379e955800205f1

    SHA512

    60c8f3678425b96cda555d991c7b4e4e1ff2af2250e5f1acb9ca06eee1e43a7ec29e9674f6483b52b8e9028d4d37dd7338bd950f065bd000504350ab70de63e1

    Download Submit