ermac | c5b5258fd53888100d21f69181f8f84643fd76a03343570c9aeb9f9ac4b9ad08

Analysis

max time kernel
514886s
max time network
161s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
04/02/2023, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Photo.apk
Size

2.9MB
MD5

e70f15ca7e19c14196bb425fd8aeedf4
SHA1

94c8a326b85d54d133dd8c981bcb25ea025a0500
SHA256

c5b5258fd53888100d21f69181f8f84643fd76a03343570c9aeb9f9ac4b9ad08
SHA512

36c6eb15c3b13e378666e3d36e94bdea977988914d17106b11af06cec6066fc585aa572d9f4546c5e43ed2ce50f7e39785831bef3526e5b1cb7a8a5a30a3acf9
SSDEEP

49152:B7MG0Eg88ZOr4fVdhsF+dL8loJ0VWZ5+9GrHV4:xMX88ZI1CDHV4

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

http://176.113.115.66:3434

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral2/memory/4771-0.dex	family_ermac2

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json	4771	com.zuvagelizesiho.lihupi

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.zuvagelizesiho.lihupi

com.zuvagelizesiho.lihupi
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4771

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json

Filesize
470KB

MD5
13789b90f7d0ed4537ce4f7128aee49a

SHA1
503a866814397db0e861a9488a2d066e262fe960

SHA256
aaca0266b89e4a3187d8b01dab371c1c23f1055b5ef32a975509caa39c489341

SHA512
ddb3b257d19a3f616119af210eed6b67355795ae14be1d4c85ccadcc05a8637e016cb09e78764b141a093432827448a22dabe70744f405ba511b05effffcd00c

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_DynamicOptDex/sPR.json

Filesize
914KB

MD5
af5dde2273ba15fb627fd8781914e52b

SHA1
1d69ef96a3011687135041b3c0d62a48e024d180

SHA256
71d60c0aab62e505f7ee4dd5f5a20dc1125d0b13fa4d3b17ca6593adc19f80ac

SHA512
36f3143f6b817a0fa0075b9d69ab99e66fefcd7dc03eacd21deb21301def295db2d97c1b642fe2e300305dc8a7e21c529a0fb689de08adbe1fd500934084a799

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
a2375222215372e3b5c37fbcbdbe3d89

SHA1
4511a742879ba06aba3563a24a97009966ce3f3b

SHA256
a390f90a220a102deb97755393064d571d7b53dedbd8613aaa77c618a0d6f834

SHA512
2f039d6f14cd85e21a5ce6db643a190891ed284ca3125185dc9d71e5bac13e13b82f679cccc98a1ae261514e34f829fcf5c21b3cc29a4861e99cdfc888ab4f4c

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/Web Data-journal

Filesize
1KB

MD5
d5a76e1ec58b513779689cd0c2de38e4

SHA1
4f2e54e65ca053760676e5b1192d1fe9da86b47a

SHA256
8d7f40dfab058228e447d8ea5ec26d5ad669d8cc19230a870efb3fd548dc8bcd

SHA512
6d18a444285c77406dcc424a039d77d92a265de3efca70f61ef84b6c4b3e2a29059e600583646da7b898338ac18a19b32f84966c1846ea0d710b6e517cbe04e2

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/app_webview/metrics_guid

Filesize
36B

MD5
dfbbb25f21b8fd89a7c04ced60f7ebbd

SHA1
ef853c927264747628004eb3a93b95021c568b6e

SHA256
455d3d43dfbcbed121136e742a8b345c053d52c3761d0230621282285d32ad0b

SHA512
44cfeaf534bf5ae93585e10188b7ff20b4122a6ab07171e0dc152fddc1a87c1fe312ecb1a5bf13f05c9a598824cf582f9cb5bb8f84430597331ec14dabeca1fc

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
8eb40488fdd08323bd54ce362bff7d48

SHA1
e8d30b4eab306106143b044c9577d56699027456

SHA256
6cf7fa9a17ede20ab12140ca8a265ee4769fd532839f7257be7bdb207cd5a5cd

SHA512
5a7ef6771e9a6499abb48cd9fb5ca334dc4a4bd3d881051e0e22a9251b3642f967047de8aaa71f31abe10732ffd963d518a579c1700f6cb8cb106cc4d6debbc9

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/0357f02fcde7fa23_0

Filesize
440B

MD5
398df54853c13256bcb0364a448cc28c

SHA1
ba0b0d34902d8cf6831a9d4592983a93b0abb6de

SHA256
70f4b380716f8632934c863eadf364bf5c016ddf4e9f10c1d1f6621516eccbc1

SHA512
533f234acb30f1020a747ac676f9474b46ce23cc5a9f0454b710deecd161aca32bfa36374d631483437a478f84f7bfa87d22dbb0ab30ce94592690637bdb70ea

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/8b362a2764b1fa6f_0

Filesize
456B

MD5
d5635c8486755af777fee715d29da16b

SHA1
c253db132b91f8bd90e338f3d8e66f8a50b29ba1

SHA256
7ef2d741c14484f2714798acb477fa2c781eee053d5419e7b2c7d23ee57ea93c

SHA512
971a676e70550cffbb3fb745343df058671a1113262d02e25c11f5ed2bfd0de4796929ccd7fe7819b7cf3a7653a7ebb46ade24bce4bf40259e094b4d47983a6d

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
3c01004791a81d89752c18825f6757fe

SHA1
ae29ad866b8832141d47f14ff1448b0281824025

SHA256
446eab4f7e96ab7352ced3e5ffb730b44a76ecbc4d33a5f3d23938c46e7267b3

SHA512
6ab42ce682e9c6ba6bef082ec411ba7cad079bd930d638685946e9be678b1e3df89b2d36892edde7cde1c887e3d40bf249ee817c526b98338e6f864e358e7953

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/a80807e99f22c875_0

Filesize
420B

MD5
51e976a7093385edda8c189408c30130

SHA1
d444beca5455053bf16a62679374ed49207ed361

SHA256
b22d4fa59b58df9791742f151a11e6517273e0ee06298a8b76756b1e2e992349

SHA512
cf6ada2bcd5bfd8006fdb846e415859f339d19c08bf6d73bf41f579eb6df69f4eab01e2ae2b58702a70dfd48654f55b866fe51acba6b667ad973923ce52081b5

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/bae5a4d61bb64d17_0

Filesize
412B

MD5
8a16450d5bee42b7f00ccbf3bfe7c11f

SHA1
4081a9f2f8b9053818c59010ec7785645c65db0e

SHA256
51e1e010f00a15b1fb99a012341d3996ef9034049d909335f54053426dee66b1

SHA512
e658c662ec9763e00af1cf4f0e7d6809c6898ba3785cce11a84e38b84ce1f04382069967094fa2014978b9d67fbc2b444072fb10b03c9858897d4fd9f00121f8

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
cfe74215088b00d592f0eb319661cbed

SHA1
df0946361961277f2a7c49c5b517b897bb27b34f

SHA256
c14da6d9e17e94c88daede9fe3169b53db329ed4a4142085612ce9d324e204e6

SHA512
1bae6d997bce97136abd8b6226e3028a8792ceb3e1618d0d5c5019af009bb7fcc32e4b3d0b5c8a877320c9a89b0c6295158025564297c9b835731e5ff7eee0f3

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
96B

MD5
2daf9676e46af9c7fdc3062ec08455a7

SHA1
75f725640e63f4ea58bcb9e3b419559665ef8522

SHA256
b95efa9201792adc87f66a1234dd072c3ff0f0c0ef401de32d33ea4b38a1efae

SHA512
2ae9a74bb731f5383241afbd2413912c8a7d3102dc2dfedc40584c530f64728519cd0d663399696ed8326c7f3bbd96a711327b1c47e2f2177fde8a51d13c0fab

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.zuvagelizesiho.lihupi/shared_prefs/settings.xml

Filesize
138B

MD5
82a70ce07c0ea80719dd2f2c1378852f

SHA1
6134167420ded4fb7a6bd711f51d14b2149e8a01

SHA256
c3769fcf98fe656efeda921c4d05924dcec1ac34352813f871e6b2a330472940

SHA512
221907f6c99a7d2a1aaa5474e7671dc8667c40e1385bb602db4a268989ae0939e07014dbd54a0a43e985c9b6c8e875c35e363f92bb9afdc788f1f6db7348d094

Download Submit