ermac | 25480135b73b5a471b66fdbcc10a154df26ffd58f7aaf8c71b1156f85e987eca

Resubmissions

15-05-2023 13:49

230515-q4rdnaea8w 10

02-08-2022 06:20

220802-g3y8fadahq 10

Analysis

max time kernel
531544s
max time network
167s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
15-05-2023 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecureChat.apk
Size

2.4MB
MD5

7b5208630df41b5d3cb968cc1bea9a0e
SHA1

fc5d84f4b5d9b65732fbcebc255c962ead9dc85e
SHA256

25480135b73b5a471b66fdbcc10a154df26ffd58f7aaf8c71b1156f85e987eca
SHA512

ac35592b7a816c15e2ce4de6008b42bc33a0663051257f2c13d79d420f57495b44a65fc8575a8faa51396e6a5f0180fca3e4c7e2060b8f965a5e3fec53d13966
SSDEEP

49152:djiu7DzF+G3r/xoY6duVSGg++tHlwRUAj4fxofgwasHB6MknM:siF+Gb/xR6duw+GCIwrBN

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

http://193.106.191.121:3434

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral1/memory/4765-0.dex	family_ermac2

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.hecawoyokiyusati.xemiki/app_DynamicOptDex/CmxhSE.json	4765	com.hecawoyokiyusati.xemiki

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.hecawoyokiyusati.xemiki

com.hecawoyokiyusati.xemiki
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4765

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.hecawoyokiyusati.xemiki/app_DynamicOptDex/CmxhSE.json

Filesize
455KB

MD5
8741150f5e1564dd9d7e76f6ec9f7fb6

SHA1
cfe513b6c6945d49af22a6e4ccab5c8e9889e17e

SHA256
a18a72c69bfa8e5689f47bc340e9e45c8762293bd07dda4fe223f6dadcb6a08e

SHA512
cbfd577c24eb2ba6ec45f9acfdcae5e9b29dc8eee42de9fbd586c26c2b6bf98881f0975863706d8a581ab1a21ccfbf8bcc756d846d1547fb4f146e6d7d9adb85

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_DynamicOptDex/CmxhSE.json

Filesize
898KB

MD5
8c2cd7b9abb46f623d8f979aa3b70a38

SHA1
50c2246f8000817f33229ffdf41abc971951ba49

SHA256
6e1fe61ad44b33fa6c134cf1af78a387f0dea07f3109ca6473777ee2f7bc6c11

SHA512
80dff700d823ac16e5617d01cade4464d49500d6802459629aaac05624c230401a0198e8c3aef89c75f488551b284715aaab241d738b8ba0062c86a40aaf2096

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_webview/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_webview/GPUCache/index-dir/temp-index

Filesize
96B

MD5
588a46fcea3d4a4e7d37c2820cbb75a4

SHA1
5c1f3a857819c270a076601579add480a0a13c9d

SHA256
1e779ea59e2379dfe39fb0b7c543cbd4875ddeb940fbe8f788b1441d380ed67b

SHA512
adf0f99a944efaff511f4eb2019ddfcde92eb37ae1adc2eca0d65a0dadb4705638ecae310416fee8253d7104532c30c0f49856f5602af1840bdd33eee19fa0e5

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_webview/Web Data

Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_webview/Web Data-journal

Filesize
1KB

MD5
5c5831f2e1600b1f24da96fc5185077c

SHA1
28892605add763241e6e7589dc0365d983ba3dc7

SHA256
b6875c2d8ca0d94c29bf2108d21274c98e0866a968fa6864e859a3bd871a72b1

SHA512
77533da6fcbbf62347e7f9337d15230e651dc6f1281ab8ba6d1d0d1fde8f7e5ffe7781ad5ff0d62788966dd8927a578a44ae947520746ce448002fa509fa1e62

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/app_webview/metrics_guid

Filesize
36B

MD5
9f404ba2d706228ed3979cb2b686890d

SHA1
2055430e6c232524776feb77843b428ee7b66fdd

SHA256
bd424c845df5bea466b2f3a7525bc1c4fc3cd83487ead2029b471729427cf781

SHA512
9ed62d0faeadd9fea630c8b5e2a0632d964134499730d3af1d13d61b5ef4cf2670dec8da7eec5d85395e45aa41950183fa735c1d1b760012fb0ee465e2ebd745

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
2aba9030b416e5cb618963a08f4ed1b3

SHA1
2ce6306cbb64432f65004b3147d197dcd940ac15

SHA256
72ffb9b14faf6a48e349aa324fd1628797bf739294346f74b0fd8f5c4d67f144

SHA512
0e8d1b21f8b8d4d6291a5f1f5e187eef91eef13977d75e9cbf6010d1b59df8b6c516b0be5f7a1ea23256df535c25c6fa9941fc3da89002eb1c598b5cb50e51ea

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/cache/org.chromium.android_webview/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
bf007776d9dcfcc4c1afc75b31e75c3f

SHA1
5485df78f155c0bdd19607cba1da13d0762c9f84

SHA256
71a3aac3fdfd13d25f216c19a91b376d5a94653c3f5e92c2414ae29442ca9087

SHA512
99eaf8049b661991ac192f70433a9afdb0918270ecff8e2bf61b313c7458f965b4ae9e207058ac386b6cad4c9b06d0f2194f1b02d9c43166895760e5777aadf5

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.hecawoyokiyusati.xemiki/shared_prefs/settings.xml

Filesize
140B

MD5
9eccee7cf8fb5cbd10b060a89aac2978

SHA1
d681e18bebf91801e7db1cafff328a4ada67077e

SHA256
2598b90720139584a50648051b16717b9ceb2d8293de271c2f0e6a591656c520

SHA512
be9558810af5c7909f34874f1491dabfd32adc2cb258be87150f3ef46ab487eeafb88d8e3aa9a741079f1e5f4c61216f1dfa52fe6b6dddb522ccd41d44bc7f46

Download Submit