Overview

overview

10

Static

static

7

0399d5868f...37.apk

android-9-x86

10

0399d5868f...37.apk

android-10-x64

10

0399d5868f...37.apk

android-11-x64

10

Analysis

  • max time kernel
    1982283s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    12-04-2023 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37.apk

  • Size

    2.8MB

  • MD5

    82adeeff58343441db34ff548c7c1e57

  • SHA1

    c1c6555126e509f7797d9b3bd7b28e82c04c2de6

  • SHA256

    0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37

  • SHA512

    c3a2cff7ebfd7a0b43fe705fbeb1cee11cff43ab91c6320c7d5b6bab8d835d9c0d74e69dc552e4632a2e288b25b88663c0390d202ada762ada70c8c97bbd323e

  • SSDEEP

    49152:0PDiW/t1GkT49g89ZvY85W3/9+BfHTA3s2NpgInk:0PDt/t1GQkY85PBfHTA3syKInk

Score
10/10
ermachookbankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

C2

http://91.215.85.37:3434

AES_key

Extracted

Family

hook

C2

http://91.215.85.37:3434

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.pekinihiwirede.pozoweha
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4731

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
    Filesize

    677KB

    MD5

    df2b74b7d83a28e229bc5612c38d289f

    SHA1

    7433921101550b7ccb5662aeabb40379faa51cf3

    SHA256

    3835d1c64ccc96e2fb1edb76ec5971f65477b287f4c87b59ae541d0c6a5b2596

    SHA512

    707cc855dc8e6d48a71cf9033b5c944e132cd9025cdb138a93c3d00f2f29208f3d4946e5aba0701aeb6fd8027df38a5afb50347e1cd856f2fbe6cb21d6838604

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_DynamicOptDex/drE.json
    Filesize

    1.5MB

    MD5

    45396ffca23f6f1a7af276e2a16a3246

    SHA1

    ee494c58fffc2870a9099fc82d7b331441c4adfb

    SHA256

    04a8baec0ed8192ef613b6162c1cc1b2908b4e066061fc0d28e4e8edeb51e011

    SHA512

    fd9328751bd6937cb99c45861ee0080d134c8abf39947dea338f479fecf976f99d1a396e79f42de82b107c1191bb6439f22b80a38ad3fa7858b22eb9caedf92c

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    ab28c662c1af52e2d6472c1cb3785f1b

    SHA1

    fed8818c9a9a64d5ae4cb10f4cefafd518fd93a3

    SHA256

    59b6d864fa7d3d2b37ab181b55de035de6b1635f7c559a60a2a5e7415724d74f

    SHA512

    cf97692a94d18dae9a65f815e66288640e5870814d2d667cf92fe6530513023f3d7eab2dbf52f90b63f2cf57ad70447933d467e558d4a6edd0acff26ad3d650d

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    8a8fcbb41c657f6d1a7faefb4784eebc

    SHA1

    bcf5eeac85fac5ba69d7a4300b8ca03dd1134c9e

    SHA256

    875547e1f0462e2cd5e89d0c20bdb2bf78a19f7ca43940e7498cd51171bd8283

    SHA512

    be8a40b084e337d6fb71483a5f6f9227782ad2bb93b4496c5ea496a186a64e31fabf1fad8c925bebacec34aea9d433cfd7ba1b88f1183f1c0935eca5387c4385

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/app_webview/metrics_guid
    Filesize

    36B

    MD5

    93e3eb5076ce20befc7596dd8d901469

    SHA1

    737dac6e319ea52e0a42f2b3efac40f378f027e1

    SHA256

    af15c893e30c9850d99547725847f7116bd53c561033a91b8899a293f00a6e1c

    SHA512

    a1e32e7ec25994e5cb43577bf020b1551311ec90e22e1fba98e42a2b030a6bd78b425335ce8f96e9bbf2a03d042b93b216d3542c61664af595c3452df4deee27

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    c6d9278303ff1bdcbdb3f4741483b413

    SHA1

    b1d16aff7c2ce03d3b2cffed4378e15b7200ba28

    SHA256

    3e683222bb753727e83ad2b295f1b685d4d889734fe1f321cd7d80b0abc8d81d

    SHA512

    db8f9453e8106f174a5b4ac8ad06884360c5cd81ccca34215a0a78498433e1942ce13a89167cfa902a0db4a53fc829ffac324fadbf7f2fe54625f3457fb8a132

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    eb62aa5211a6c5c47394f27c54664ce6

    SHA1

    eaae162a13dbca84c00af3e8bd0b5961e0d1dca5

    SHA256

    340fb39b5f6bbf69fcd7ece44da5d716741d4ab3de4be8c8792abee5ecc2c433

    SHA512

    33419990e63fb2956e607721cd1192644548733f2b0380af34b204c685160421b16335af351aa3cfc88f93ceb52670ccde29029852bb4f0350c4c73e9fe8c911

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb
    Filesize

    8KB

    MD5

    b6ca8b30661a7844ed292db75a29a953

    SHA1

    8e0d397ab1f2ced1f143829084c3f53333743bdd

    SHA256

    63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

    SHA512

    d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-journal
    Filesize

    1KB

    MD5

    ede650799810caeb9367c21fedf3590c

    SHA1

    7823ad8e00683b94b92ccb6ea7e880649458eddd

    SHA256

    597a028176f73e27e6d168b5b885a2a2a2f375489e3b0d44343c2e227e3a5435

    SHA512

    04c19e6688c8f6eddff001d26db6f2595ff3f15286da9cf17932d181fde62a7dfe250946e761322a66deac34daccb8ce5f714aafb793f8694401767019515c9a

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-shm
    Filesize

    16B

    MD5

    4ae71336e44bf9bf79d2752e234818a5

    SHA1

    e129f27c5103bc5cc44bcdf0a15e160d445066ff

    SHA256

    374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

    SHA512

    0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/no_backup/androidx.work.workdb-wal
    Filesize

    346KB

    MD5

    3642de5322feca59ef30ceb5fed84c65

    SHA1

    8400b192512a868e83def20f87696f37da9c2316

    SHA256

    e69dffd72b67c44de2912f9f880e07eb3f5c141c7845627989f6055b1f4357aa

    SHA512

    1c72395dcd54d7fd453918ae7a2bdb18832203d719e125654e5f0c82833699d3e8847b444fbf702b142b2f9361b72212788e4cf1a3140416562f14a2084fff0a

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.pekinihiwirede.pozoweha/shared_prefs/settings.xml
    Filesize

    140B

    MD5

    4d9f55af4113326d6fcb383640a05ff1

    SHA1

    d468f8d4df5927ff477149c9eeab2af4daea621d

    SHA256

    39d09e93931dd6e25682418abd625910eef9bbe5d2fe18a8d0454ad62a5b7eca

    SHA512

    6526af892bf14b97bfc2499b9d90868e1403d3c8f55c5c9e25309063b086b553a3ecc25357d711923590dd4aff9354bf939387f17c674b2f5073c1f469491f60

    Download Submit