Overview

overview

10

Static

static

7

a1ea4dbd8a...74.apk

android-9-x86

10

a1ea4dbd8a...74.apk

android-10-x64

10

a1ea4dbd8a...74.apk

android-11-x64

10

Analysis

  • max time kernel
    1977730s
  • max time network
    162s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    12/04/2023, 14:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74.apk

  • Size

    2.5MB

  • MD5

    80eedb8d0b108ca485b80c70fc9c2d31

  • SHA1

    7e549c9b8e02cfa696485ef43fa16d196f70bebc

  • SHA256

    a1ea4dbd8a36c410fd528f81f197421c6a8b9b240dd274a87be66f199ad5cb74

  • SHA512

    04e93ba7d30a609cf5c4de8598fceba3e09c4e323ff2e35ae05aefaf0b2008710c7829bd4ff9ebf44d62f76d3a6a5f06346acc24d5a0c46f3c5c5a91181cf49c

  • SSDEEP

    49152:+Y4Hzl+bwEPg8240tzCW3sX77MXQw4CmE4i85W3//t:+JHzl+bn0tzCW3y77ZN7i852t

Score
10/10
ermachookbankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

C2

http://91.215.85.23:3434

AES_key

Extracted

Family

hook

C2

http://91.215.85.23:3434

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.waciniyehiruna.razo
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4744

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
          Filesize

          676KB

          MD5

          ddb935b4cb89568b1126dbc47a099efd

          SHA1

          3f40ba69bd11380de6e56dab5a9cd5c53b150f0f

          SHA256

          c4aea8f064d87cefbeb7898bd9f895bea5b82b756757c824191a11112b88af27

          SHA512

          c674a76a21349cec07e2fba2cf91f884d8cca42d31eb3d750c8cffd2fcfacc95905e94676946f801d95d1cef4485b9fe5ed1bd5c34fcde3f73da935ac3a87527

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_DynamicOptDex/qZs.json
          Filesize

          1.5MB

          MD5

          b94fd56ee56fe358ac6b2f7e581aacf8

          SHA1

          4dab3e1bda0d164214245422cb05d5283e9b0566

          SHA256

          64fbcfa549de412ebde7364d6984df08bf5223787d5ed49e099a55e38621b314

          SHA512

          a5fe5223c6fa61fcfcba16ac7aaf530c982b9658a0a62176f1aa6902b1f17c2e564292446fea4e8f903c06676dc37351aa6339b436a990395e4f9ffd27bb6332

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index
          Filesize

          48B

          MD5

          6d7d499960179766cd4261d12dacc411

          SHA1

          e6f8553b0015e12b23cc551afe98763f3b1c9bed

          SHA256

          c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

          SHA512

          6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_webview/GPUCache/index-dir/temp-index
          Filesize

          96B

          MD5

          872e5b5ccc0d3afee211c4bd43662c74

          SHA1

          5f11cd91dac20e2c2e45dac717fcbc090fe3ac2e

          SHA256

          4a8edef2185820591bcba275998b69b8bc211069ac4a65b7ddc0a7063655d619

          SHA512

          0279fc4308d0d16e167baabb3330b5f292829db65aaab5b6d68699b03b5a2ca1a146f20db72aa7fa21dfc3e959c8d5f96dffbf1d957363dc9b051a75fadf0da3

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_webview/Web Data
          Filesize

          112KB

          MD5

          b663831f8cc130493476d94f2d7a5330

          SHA1

          043a1956ab8e40821d67043f8a9110a8eb36fb93

          SHA256

          c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

          SHA512

          e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_webview/Web Data-journal
          Filesize

          1KB

          MD5

          04e6b63e1be78ccff9a187f139ad9687

          SHA1

          a33df1a32f5d31ddf10b5ce6440fb09354fdfca4

          SHA256

          eb4c18130ed77b0cb7a9ee466f5595da799b843845c86ddb1ca9dcb308579d9b

          SHA512

          53c74bbe92fd083b10464cd5cdd8f56b3ddb3c56cb98c8d8cbd7153b1184c10d58b38ca7c9160ab2fed48a170f3620473a8ec283f2269b4f4a2ddb399b702fcd

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/app_webview/metrics_guid
          Filesize

          36B

          MD5

          27c0ae2ab1e67779a1351bf11a76ac35

          SHA1

          8935fc66b9a3e2975e6cd14ce57f3bdc242b4b7b

          SHA256

          653efb4b9f05c5e6cc2cb2ba6876eab9e5f4265007cc4fdcfaa17e119e6c003e

          SHA512

          fcad95e3f93d7d3eea8ebc1d57576206ab18a3f4bdc59efffb85044a616a0695df419e9e7ca245c9eb491327f566096adb255a20ee7521bce9766dd0daf8b92a

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/cache/WebView/Crashpad/settings.dat
          Filesize

          40B

          MD5

          2124f2491aed2c127aaca263b5959707

          SHA1

          4c3e117ff1f02e5d63eb3b9c91630f8de5b4e166

          SHA256

          d6d598c4b72bfe9af678eacf0538f2fde6353ebef02b085b8ab310c695415817

          SHA512

          6bdffff6453efaafb9419f588149d64049df60312dacdc7bd85c109231e11ab2c5875f2c58fd3bf456899ba778d8b1da590eded6399f3bdd4b080ba899bfbfc1

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index
          Filesize

          48B

          MD5

          6d7d499960179766cd4261d12dacc411

          SHA1

          e6f8553b0015e12b23cc551afe98763f3b1c9bed

          SHA256

          c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

          SHA512

          6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
          Filesize

          96B

          MD5

          857efba313f365e8fbc561967a2f2d52

          SHA1

          3901bf69eb24dbca8308bc31b8248f70ac72e892

          SHA256

          aa75ca2e9a75173b339b4ddfb5bdf0ccbdc58dffb02c83c12f596f958f631131

          SHA512

          fd6f8f220eae23075ee05e8696b787effb634db50d76906d604c1c542d5ac46cc78035a33bc85765cd549dcb132fc7b979add87172589fd032565ad897c3c445

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb
          Filesize

          8KB

          MD5

          b6ca8b30661a7844ed292db75a29a953

          SHA1

          8e0d397ab1f2ced1f143829084c3f53333743bdd

          SHA256

          63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

          SHA512

          d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-journal
          Filesize

          1KB

          MD5

          7fbfcc56b58332e5f7819b2704ecba80

          SHA1

          73a10c3d1b1d9e1c1dddd56eefa42e312eb4cb17

          SHA256

          2aa2d7165c9fe966fc212550d1548d549a1ef44d0e47f52384b083cfba5815cc

          SHA512

          97d5044693d33b169da500ed36de294d15b6d2eb4ada6794185db7aad7609a472ddbb7761af0a4492130b03715272dbfc9ac82e0697de11fa07f7976e4bb415b

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-shm
          Filesize

          16B

          MD5

          4ae71336e44bf9bf79d2752e234818a5

          SHA1

          e129f27c5103bc5cc44bcdf0a15e160d445066ff

          SHA256

          374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

          SHA512

          0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/no_backup/androidx.work.workdb-wal
          Filesize

          346KB

          MD5

          e85909f5c7baae4432efe590d7e8aa51

          SHA1

          388aa74fa9c52d7c61ad764d18678235c15d03b0

          SHA256

          3c1a6560a96d1a05a25bb885c2ba692b3a21fa95a138b8af02597f9c4ccbc641

          SHA512

          46c8b2a8bad008fbe8ad77bbdc8a7c285ebc72855c62694503f84c3ca9a2405c7799066ed513c6ab9616ac6c7c17b2873027cd85a7c75b9fd51d59598f51c071

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/shared_prefs/WebViewChromiumPrefs.xml
          Filesize

          127B

          MD5

          6ef709b8536878951e87c29a1518fc2b

          SHA1

          24376c70b00152501b3d98df61fa7db435339172

          SHA256

          10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

          SHA512

          96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

          Download Submit

        • /data/user/0/com.waciniyehiruna.razo/shared_prefs/settings.xml
          Filesize

          136B

          MD5

          65725641cce557eafbb5ef060ee1dafe

          SHA1

          fabbaf0f442aeeb6bf3aede22ebc271fb0e7b50b

          SHA256

          db802a8c14576f939a8e0b10f0e645e87c70c7b0d6ace6bccc857e7d50cbe760

          SHA512

          35edb38cd43502987de12bbaf6a99f95fc14fee6acc73edd43252125b096c05b07638a68c4b4120c39806c82c2dc2b251143a9ac156905945ee8ecdae393dd7e

          Download Submit