Overview

overview

10

Static

static

7

2ea7d595e0...d8.apk

android-10-x64

10

2ea7d595e0...d8.apk

android-11-x64

10

2ea7d595e0...d8.apk

android-9-x86

10

Analysis

  • max time kernel
    3753184s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    23-01-2023 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ea7d595e0e7965f4fedf7f3012261e3d47f618f1a7043859b3cd1c006a4a2d8.apk

  • Size

    2.9MB

  • MD5

    8f860fe68a5aa80a0f38c8e0e85de95c

  • SHA1

    1c4a40dba1fb6a8e63bbc75e53bf807b91805bba

  • SHA256

    2ea7d595e0e7965f4fedf7f3012261e3d47f618f1a7043859b3cd1c006a4a2d8

  • SHA512

    b4097b4384476844388b37a8666b52600a8904d41c088a089185386e4e7648caeaf9006c4186a11518b86fb9bd5c38145ab2386c5448f805e44d02399b957280

  • SSDEEP

    49152:R7MG0EbYQK7uHt4fjdhIxVycny6693XxKRXefHHWbnh:BMkYQK7uFM993XtHHWbh

Score
10/10
ermacbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://176.113.115.66:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.yezigojopivubifo.fiwini
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4038
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/oat/x86/hhw.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4093

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json
    Filesize

    470KB

    MD5

    e6e3bc2c9c97b3dd53168ea0dacb6efd

    SHA1

    3d6278a8e489b0a8811f67e3525402fcd4c49987

    SHA256

    7393bc1e32d7ebb95c707ea896dbb01df955a5ffb44f252ca1a4baf8e62382d5

    SHA512

    7e6b23a07aa0922c95bf2dc5ed901ef2af325a309d3a19007308148a43756bf2c1e15bc90262066c2b3cf60e31dbfae52ac6511eacc76221f8b096c216f9cbbc

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json
    Filesize

    914KB

    MD5

    57988f7d90e26360efc76209ac4dad18

    SHA1

    631c06693c3acd7d9eb4c6c9b3505d5c80506069

    SHA256

    912a83b7ffbc83f8d8f5000b9247dd020051476f85f4210fee3112ac2991606e

    SHA512

    87f80b2a8e91fb54fd3901f8e0df5652b2f1ed81ab12ad62404d90833591a66280d11ebd4b8bd403636850bb360f350fb029d8c4998e41aa38f31c9cc02a39c7

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/app_DynamicOptDex/hhw.json
    Filesize

    914KB

    MD5

    dc60437a70d5874fb10411f14e7fc05d

    SHA1

    fda795a8f702b9bb1cb9a0c1092b7adaf79a6246

    SHA256

    5a6ab43208493afa4490df150cfbc09135837108e7dde27461e00b9f5c4f2ea2

    SHA512

    dd8d33eb749a9fb8ac8bd1061bf7da6629a3cd15d9088518a4d418a443ecdc1d9875101a8262c29f5a7357a31d988e2baa743f6570058ee7beff9326bab94cfe

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/shared_prefs/settings.xml
    Filesize

    140B

    MD5

    5e69cd265d07b62e49c407373bb0b6d7

    SHA1

    96cc78070eda1d3636e521bebcecd03d54aaea56

    SHA256

    d988e621dc5d05e84c85c347f37f68c00593d8205ac0824df379e955800205f1

    SHA512

    60c8f3678425b96cda555d991c7b4e4e1ff2af2250e5f1acb9ca06eee1e43a7ec29e9674f6483b52b8e9028d4d37dd7338bd950f065bd000504350ab70de63e1

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/shared_prefs/settings.xml
    Filesize

    184B

    MD5

    1e92125ecd98b0ddd03479d4f055ec02

    SHA1

    cc0bad442c027c2a752819a4e28668afdcf8f11c

    SHA256

    474abdd590375dea9c2c2253f19a2b70250dab3fe5e5c87ad14fa619365f4712

    SHA512

    b527f930c590829a02fcef8df5aedec1579f76ad1fdfb2eb69aef4169ad5cc2ab1651b088239919a0c39e5ea0ea8e94a6135909c4cbc80d63f440e9b95e898b9

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/shared_prefs/settings.xml
    Filesize

    272B

    MD5

    3ef2662508e08fe02c79f984aac70ff7

    SHA1

    e86d236f45ada35a648a2f89c69681869d601495

    SHA256

    b29eb3de188ee17b51a065460ecb0d39bdd4ca31eac6a094e34f37c83422bfb0

    SHA512

    743c3b236314d3b4b0c5529ee160884ddc4c09e1b944c68ff144393571b2a17f11e768b2acf67bc412a7b933b2be70e94b23bda073aeac89f04fddf42b4c5cd9

    Download Submit

  • /data/user/0/com.yezigojopivubifo.fiwini/shared_prefs/settings.xml
    Filesize

    316B

    MD5

    4bd459dabfffcb52b64c597a607c500c

    SHA1

    7f8dfb452c76452bb095eb5c1308dfe221103569

    SHA256

    aaa32d0666ddc6f9977edbfc7f448fffc1578e64d1c6fff1eff413d78a0d7b42

    SHA512

    5e70dd1de45683734b96f031d992f9969b7790fdb96b8ce6c9dd4fd1c4e0f17baf5aa303cb57ce0d83174a6a8e8c5e675f326d7ebb96123402270fc760cdc670

    Download Submit