Overview

overview

10

Static

static

7

0ec3aba023...3a.apk

android-9-x86

10

0ec3aba023...3a.apk

android-10-x64

10

0ec3aba023...3a.apk

android-11-x64

10

Analysis

  • max time kernel
    2992358s
  • max time network
    164s
  • platform
    android_x64
  • resource
    android-x64-20220823-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
  • submitted
    24-04-2023 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ec3aba023da64c28c3e664ba83a337782c855f3b39874cde59fe8f60b93573a.apk

  • Size

    4.6MB

  • MD5

    1c74d4eeebdbd04e6f9524f63b15b84d

  • SHA1

    5d86aefe2e6632572b971338a5556ee8a9fc96c9

  • SHA256

    0ec3aba023da64c28c3e664ba83a337782c855f3b39874cde59fe8f60b93573a

  • SHA512

    866761e39296f3399a8b0af6209a644a1a54e0a5519130acf0fafc82e11ec36de83c7d4b7d38f4c4606dcae0a0c745d5f2896e8109d4d5c768ecdd04cd0c4852

  • SSDEEP

    98304:k4HuqlDao42RLqaw/jTLq36t+FpyhRTcKm6eAdjTvQlye2tuT/gUMlgm:zHZ2oZ+tm4+fyTTc+JTvy0tK/L+gm

Score
10/10
ermacbankerinfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://194.26.29.28:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.qjlpfydjb.bpycogkzm
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.qjlpfydjb.bpycogkzm/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    afdc56533c44e492f55d37ef3a702455

    SHA1

    b80d8db6bfdd1444ab1fa94b8d50b1530d6407ad

    SHA256

    d3461583a639d1033e9392bcc888a313ee9b0c17a58b22e1af5e0339329d25ef

    SHA512

    9bd90eb5effa12500d964864dc83017b3ad37988eebcef4d10caf712c24dfc1efa6910a42b5e294239342a10e01093726484cc22dce866d326c1dcae84ec6406

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    ec1f1f79ed0aea31fcff1e1de5f9303c

    SHA1

    b460898e699373703d8324f5c6c3074c33617509

    SHA256

    10f909e03fc7a4140fa5ffc9d735b69e5d8874fc1601883864a6666a8249263f

    SHA512

    bf59007a7abe3c79e261db8074d488639297fa1ff01e7e0a7d640fc5f959af49196d210bf04840eac4ca298e82dbd25a5d0971a29bee517a7b307dd27bb2071e

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/app_webview/metrics_guid
    Filesize

    36B

    MD5

    a9eefbe1ff181c3e18a69a1467c472d9

    SHA1

    5bf7da403b7909f6b563ce9fbc9ce7f4d417fcb9

    SHA256

    cf6dfb3510df206c1571e0ac977c545792ed8a0cbb361957a49e911f62e07531

    SHA512

    fd01ba07c4943c8082603b5d750a45c1ad471277ccbba992d17af14cfa0cc94aeb8e5485ab8493214fb30f26e621e2dab863e0559c61475e476d4c5b47af2823

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    820e641e54d01bac60dcf8873d0c9693

    SHA1

    a3306e1b1620886743ac55319a68a2ce788e4856

    SHA256

    873f03624d22355255e2234166b7386138064ba37b4d0c92e8378ee8604ebf94

    SHA512

    c6bc4a309e4a96446f258c401cb04a1edc16e2bd5c8d918d6ae05c952149621b0b538cc7935fbc2d4bdab7562800b074d1cf18b65f4542cd193e5c5b0d0c2711

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    91e64aef55108a0bc0c4588b186c8e72

    SHA1

    2d590ed1aeee40395bd1d9f96bed8f37555a19a1

    SHA256

    37fd16e73a90b0befdbff6537ff216299d6ebb4751c35819f6277040632f5905

    SHA512

    e41856b20364f3794176b7187cc75610fa2d214f54aa149f2e0a630d7322c7e61d8cdd786b1645861f2497293f14bb3a01e5b0ba0f20536c380e6fe13ebf5e5a

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/egfU8goe8U/8yUk8fjykG87ekU/base.apk.kI9Ugey1.i8w
    Filesize

    1.4MB

    MD5

    b6743ab0c201878d1af5f0343ebe8fc6

    SHA1

    01300063b5906c950eff077f3ce980ecefa048e9

    SHA256

    36d11490991e9ec4ca3697e80b83ecca02d4457b71c5586531298766cf7ba8a3

    SHA512

    4f2801d8ca40def3013175fd08ad1a7cb6bd354397c3bcf0aeba01abb11d6189673c06f82e1808e7415ef55018120e31574e9e419baaca71f18e84e6db51a3c8

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/shared_prefs/multidex.version.xml
    Filesize

    306B

    MD5

    ee5cb29225d53ea1a02f2262d5c0f47f

    SHA1

    9cfb4209ab74243c6bcd8c40ca3348bf8bae16cb

    SHA256

    a0a6013430cbfc606f41553d97758ed720fe7db621ec43ecfe1c497b8ac6a033

    SHA512

    3f54ee48b813d9ef8366a45e13d0d189dfbb9e708717600d0cf205ed5da3dc3f9aab051cdb728705e85d8470b3752fecf572d19796a0f0e4332145a06a5dfb96

    Download Submit

  • /data/user/0/com.qjlpfydjb.bpycogkzm/shared_prefs/settings.xml
    Filesize

    136B

    MD5

    6cfa8b67e515d52630433d8c10ab2384

    SHA1

    c872b36e27c8898c3987cc06593d429ea078725f

    SHA256

    679a557dcf4e6a85f851d92a1f6e5f3c9244c1169ae24f99086da95c69b50cd9

    SHA512

    f46eb8374ba84246a226e96069967fc8dc035530b1b7ad192894fc82389dd572461ec85bf4f09d945422267b53bc9fa7d7f35cf99b604e6fe057e92339bba83b

    Download Submit