ermac | 52fb1a93e8366862c7dff046ed8a6f45ad0589fa7a1feceb4aa7cffd5d5cdca9

Analysis

max time kernel
3994398s
max time network
160s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
26/01/2023, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

foto.apk
Size

2.9MB
MD5

ff5a7566ac2095f3b379c46cb63fd84c
SHA1

716e5a95de367246f5ebc81f955c0a99de57d43a
SHA256

52fb1a93e8366862c7dff046ed8a6f45ad0589fa7a1feceb4aa7cffd5d5cdca9
SHA512

425c5c6eee15cc2bada96e7e9201d063ba63a572c1ce2f1ef829fa5f0d26966f57e0ab64b46ac15b5aeee58b907e4940ff7b82008478d73395128b265b07853b
SSDEEP

49152:YpevLSq/mZoCAdmogSuH7Zdhv/HQF+dL8loJ0VlOoec:0evLL/CoCemPHt21Wc

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

http://176.113.115.66:3434

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral1/memory/4780-0.dex	family_ermac2

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json	4780	com.zuvagelizesiho.lihupi

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zuvagelizesiho.lihupi

com.zuvagelizesiho.lihupi
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json

Filesize
470KB

MD5
13789b90f7d0ed4537ce4f7128aee49a

SHA1
503a866814397db0e861a9488a2d066e262fe960

SHA256
aaca0266b89e4a3187d8b01dab371c1c23f1055b5ef32a975509caa39c489341

SHA512
ddb3b257d19a3f616119af210eed6b67355795ae14be1d4c85ccadcc05a8637e016cb09e78764b141a093432827448a22dabe70744f405ba511b05effffcd00c

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json

Filesize
914KB

MD5
af5dde2273ba15fb627fd8781914e52b

SHA1
1d69ef96a3011687135041b3c0d62a48e024d180

SHA256
71d60c0aab62e505f7ee4dd5f5a20dc1125d0b13fa4d3b17ca6593adc19f80ac

SHA512
36f3143f6b817a0fa0075b9d69ab99e66fefcd7dc03eacd21deb21301def295db2d97c1b642fe2e300305dc8a7e21c529a0fb689de08adbe1fd500934084a799

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
0717e5053935d78139ad14e36c6f4524

SHA1
8db91d83330c1251700fdb8fb1cbbcf93c04f980

SHA256
98e570ec6c79a1ca904cd34e4baee81baac042b2cb1b5c7bbc47cd6bebc5bdb1

SHA512
d53435cdaa0495fbc20a72a11b91bbf31345658626a1720e8dd6da86635f1545456845cd814af1b9db26cdd669b4d8f9b378b9d43419562ed5800b96238a06da

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/Web Data-journal

Filesize
1KB

MD5
c855c05a75d35d01e7bcf7da8073c3ac

SHA1
0c7075cf7cc6fd11e9b4f313dfd62499ed31f037

SHA256
297238f65e56315005a10a988a87142a14942ec361ec5655c5f047a0b46ed1c5

SHA512
a4e4e6e9380d72b438340f7ebf8ce79f0a5e2ea02b3b42dfd064eb48fe3b477c195528d26dbada86a272fd18440a18566c1aff24798b3ed96bfa2d8edf888a1e

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/metrics_guid

Filesize
36B

MD5
c7a3954540742a8dc8ad837eb4bb364a

SHA1
96e1e35a25c7b05b803098d1cb3715c074ad6b4e

SHA256
6eead4141c44f29b5b3c068eb96ac00cebc7f371066d22b0aa819643260536e9

SHA512
eb223c9fa4b70853ac5cac186a6b6ef3bf6342422ab4c6aa746d159d3f6bf294ce7d1afd8f25e215fea20eeac3e7d181f3ed7d93514aa1da530d80b3e7fd5e32

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
065ba06684f955304a2a2f56a94c9c78

SHA1
6d73f99636009e52b3183fa794f303dcd0f7b344

SHA256
28c413a9b039d29bd27d7701f462d3c135b5410fe0d73856c958130785542141

SHA512
d65635c9220f4844bd146209598acf85eca31565af611c6678437bc65862f4e7372b7c25db17410a85f122e854385920ccb0f5ce30677b2c84caed459c1324f2

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/0357f02fcde7fa23_0

Filesize
440B

MD5
398df54853c13256bcb0364a448cc28c

SHA1
ba0b0d34902d8cf6831a9d4592983a93b0abb6de

SHA256
70f4b380716f8632934c863eadf364bf5c016ddf4e9f10c1d1f6621516eccbc1

SHA512
533f234acb30f1020a747ac676f9474b46ce23cc5a9f0454b710deecd161aca32bfa36374d631483437a478f84f7bfa87d22dbb0ab30ce94592690637bdb70ea

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/8b362a2764b1fa6f_0

Filesize
456B

MD5
d5635c8486755af777fee715d29da16b

SHA1
c253db132b91f8bd90e338f3d8e66f8a50b29ba1

SHA256
7ef2d741c14484f2714798acb477fa2c781eee053d5419e7b2c7d23ee57ea93c

SHA512
971a676e70550cffbb3fb745343df058671a1113262d02e25c11f5ed2bfd0de4796929ccd7fe7819b7cf3a7653a7ebb46ade24bce4bf40259e094b4d47983a6d

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
f55063d40e60175524cbe7e8b4e24c37

SHA1
36e4dec80579fb86710b047bf15e6a99334b1027

SHA256
2961b58d3600a22919c51c7062d9bc7b4cd596ad156559d844ce438ef24af56d

SHA512
571172f69481e164c72e695639307c66cb352d9ebe1309a84a034acda0edd08c47cce618647b5cbce91fdae11ff796d6220d1c7782b559330e3baa3580563ae3

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/a80807e99f22c875_0

Filesize
420B

MD5
51e976a7093385edda8c189408c30130

SHA1
d444beca5455053bf16a62679374ed49207ed361

SHA256
b22d4fa59b58df9791742f151a11e6517273e0ee06298a8b76756b1e2e992349

SHA512
cf6ada2bcd5bfd8006fdb846e415859f339d19c08bf6d73bf41f579eb6df69f4eab01e2ae2b58702a70dfd48654f55b866fe51acba6b667ad973923ce52081b5

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/bae5a4d61bb64d17_0

Filesize
412B

MD5
8a16450d5bee42b7f00ccbf3bfe7c11f

SHA1
4081a9f2f8b9053818c59010ec7785645c65db0e

SHA256
51e1e010f00a15b1fb99a012341d3996ef9034049d909335f54053426dee66b1

SHA512
e658c662ec9763e00af1cf4f0e7d6809c6898ba3785cce11a84e38b84ce1f04382069967094fa2014978b9d67fbc2b444072fb10b03c9858897d4fd9f00121f8

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
288B

MD5
a123559c162689130ed99a06c9e558a3

SHA1
2e1523e1947d4dc3c0a2362163c01c33a00e164a

SHA256
dcfcd19bbd0e085c0e971fcc0af8b3714dff629a5ed88b45610acec7e3249989

SHA512
46edea8cd6ba47ebbf4b9af34ac60a798438c83078f32e978e7278d50cda82c7717dcf50ea18d2579c5b9ebebbd0fee78ee97b8f3bdb86340ece99c336ca6caf

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
90c1dc571067f2ac7ec96b36b58afac0

SHA1
7df0ecd491a0bd8215a4ba9339366d92fddc0103

SHA256
10480002f01d632e2807ed1a5fee75e76bef809cfa7190bae108fe277cc0d65e

SHA512
9bcc5a361517726a6280ea906b2b43d0e8f79e5c138af766f928cc4941e7fb02ec742481eea169c1df28182b9772d1f3bff23317fe13ce92fa82744c30edfe2e

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/settings.xml

Filesize
138B

MD5
82a70ce07c0ea80719dd2f2c1378852f

SHA1
6134167420ded4fb7a6bd711f51d14b2149e8a01

SHA256
c3769fcf98fe656efeda921c4d05924dcec1ac34352813f871e6b2a330472940

SHA512
221907f6c99a7d2a1aaa5474e7671dc8667c40e1385bb602db4a268989ae0939e07014dbd54a0a43e985c9b6c8e875c35e363f92bb9afdc788f1f6db7348d094

Download Submit