Overview

overview

10

Static

static

7

Photo.apk

android-9-x86

10

Photo.apk

android-10-x64

10

Photo.apk

android-11-x64

10

Analysis

  • max time kernel
    511159s
  • max time network
    24s
  • platform
    android_x86
  • resource
    android-x86-arm-20220823-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
  • submitted
    04-02-2023 23:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Photo.apk

  • Size

    2.9MB

  • MD5

    e70f15ca7e19c14196bb425fd8aeedf4

  • SHA1

    94c8a326b85d54d133dd8c981bcb25ea025a0500

  • SHA256

    c5b5258fd53888100d21f69181f8f84643fd76a03343570c9aeb9f9ac4b9ad08

  • SHA512

    36c6eb15c3b13e378666e3d36e94bdea977988914d17106b11af06cec6066fc585aa572d9f4546c5e43ed2ce50f7e39785831bef3526e5b1cb7a8a5a30a3acf9

  • SSDEEP

    49152:B7MG0Eg88ZOr4fVdhsF+dL8loJ0VWZ5+9GrHV4:xMX88ZI1CDHV4

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.zuvagelizesiho.lihupi
    1⤵
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4121
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/oat/x86/sPR.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4186

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json
    Filesize

    470KB

    MD5

    13789b90f7d0ed4537ce4f7128aee49a

    SHA1

    503a866814397db0e861a9488a2d066e262fe960

    SHA256

    aaca0266b89e4a3187d8b01dab371c1c23f1055b5ef32a975509caa39c489341

    SHA512

    ddb3b257d19a3f616119af210eed6b67355795ae14be1d4c85ccadcc05a8637e016cb09e78764b141a093432827448a22dabe70744f405ba511b05effffcd00c

    Download Submit

  • /data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json
    Filesize

    914KB

    MD5

    04c506ccd9fd76000f0f82fb72c58b95

    SHA1

    cd0d890e44b213c3b521395dae8f06db6139323b

    SHA256

    cc9dfe89ef9285c52826bf5b83e50fc88bb89dffed0739c63091a0782f329422

    SHA512

    66c389cf7513b1dc495ea1770601cab7d59947d42d76384d43796255d0344ee5903204445d1a8f22be887c05f8f35be2e6dc9ff307fdba57a0f9456ee516539c

    Download Submit

  • /data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json
    Filesize

    914KB

    MD5

    af5dde2273ba15fb627fd8781914e52b

    SHA1

    1d69ef96a3011687135041b3c0d62a48e024d180

    SHA256

    71d60c0aab62e505f7ee4dd5f5a20dc1125d0b13fa4d3b17ca6593adc19f80ac

    SHA512

    36f3143f6b817a0fa0075b9d69ab99e66fefcd7dc03eacd21deb21301def295db2d97c1b642fe2e300305dc8a7e21c529a0fb689de08adbe1fd500934084a799

    Download Submit

  • /data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/settings.xml
    Filesize

    138B

    MD5

    82a70ce07c0ea80719dd2f2c1378852f

    SHA1

    6134167420ded4fb7a6bd711f51d14b2149e8a01

    SHA256

    c3769fcf98fe656efeda921c4d05924dcec1ac34352813f871e6b2a330472940

    SHA512

    221907f6c99a7d2a1aaa5474e7671dc8667c40e1385bb602db4a268989ae0939e07014dbd54a0a43e985c9b6c8e875c35e363f92bb9afdc788f1f6db7348d094

    Download Submit

  • /data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/settings.xml
    Filesize

    181B

    MD5

    6f0f8b4734c9ab8558416a86fc0716d3

    SHA1

    25f6685e16cde27d46e452900c5d8cc45b65f9d6

    SHA256

    33c1d8bad0d2e0d37aaf5912c4e27e8df367ed95c02d5c0793449170bce541c2

    SHA512

    866411ba04a93ef58704cc42313ccb5bfac80793a2c9a922e4d4f5751e500bb61df7e93608896f00f764478ea7fe9086b9d62fcdfd6ba4c2b4c16cca05734791

    Download Submit