ermac | b3ee8c90d9038c94565785ba2eeca0362de853a6324e3c93736a22eba09b50f2

Analysis

max time kernel
1687394s
max time network
46s
platform
android_x64
resource
android-x64-arm64-20230621-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
submitted
17/07/2023, 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b3ee8c90d9038c94565785ba2eeca0362de853a6324e3c93736a22eba09b50f2.apk
Size

2.8MB
MD5

c909a9df9dc4c6508eb4cf7c68aa5293
SHA1

0adf0df2c56c8b76b27abde0e73d18bede6c8274
SHA256

b3ee8c90d9038c94565785ba2eeca0362de853a6324e3c93736a22eba09b50f2
SHA512

782e63f86e8662230dc3f22bc872ed54a8a4e8284f965c869831bf14ee2ce0dfb83a473031b4bd9579e205928211498c75e06182063fcf8c26ce6b254b16831f
SSDEEP

49152:LTMV/hemABwhkqfbDU0g8fYz5mgzMTym95CFHnrNUlgocZFWy3ACdv3IFoBQ/g:LTk/zRbDU8Yz5mXTyuynrWl/cZco52Fe

Score

10^/10

ermac hook banker evasion infostealer ransomware rat trojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

resource	yara_rule
behavioral3/memory/4412-0.dex	family_ermac2
behavioral3/memory/4412-1.dex	family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dohisoyumokexisi.jufosiji
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.dohisoyumokexisi.jufosiji
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dohisoyumokexisi.jufosiji

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dohisoyumokexisi.jufosiji

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json	4412	com.dohisoyumokexisi.jufosiji
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json]	4412	com.dohisoyumokexisi.jufosiji

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.dohisoyumokexisi.jufosiji

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dohisoyumokexisi.jufosiji

com.dohisoyumokexisi.jufosiji
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json

Filesize
674KB

MD5
175bb924fc9f89f16a75772a8d9f152b

SHA1
04b1a438617f073751cf5347e3cb0ee95dcff32d

SHA256
3fabd4daed04836e54116b2d44af9027e32c3d5b7a1075d2399e9a5ba3bf269c

SHA512
8aa3c3e74c6a2a2f0d739e7896157ebd62c79bf4513435b9ed666bc3b5a08757869fb0594d9ad685f6b40e4721a0c931674c6900768410e172322d332d48ace6

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json

Filesize
1.5MB

MD5
e0eaeebcf53c831477bc5cd6b908822a

SHA1
3ea42012ab8fdac61426eb494a51f755a6d331d0

SHA256
84765b800ce4182b581719ad1fb35afdea8e0dc20f47b025a5df78837a91fbb6

SHA512
626605b9d3a5e7dcf3b582cd56aec18a99d7beb23df99323de9924b7ad86b442ce9d8213710a54fbb47ad965e1caa09c7bed7b704a531154450187f590d0c98d

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/GPUCache/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/GPUCache/index-dir/temp-index

Filesize
96B

MD5
077e4e1fbd295bb56c6d798634f4f1a5

SHA1
d41e18f459b9b50aaaddc4d8d5cc2913b68adef4

SHA256
7bcc40d9972b0d94939ccf626c787897fc9666a53cd150bbcc44f0b7f067e01a

SHA512
38c427a9777f775efbdb9567299cd000d2bd66e858bb3da09c699cc91b21d3a7b94ea0d5714989b2321db67ea088c2c321e2523e5f498ff3c7454fa1fa5b1e5f

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/000003.log

Filesize
61B

MD5
9f7eadc15e13d0608b4e4d590499ae2e

SHA1
afb27f5c20b117031328e12dd3111a7681ff8db5

SHA256
5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

SHA512
88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/LOG

Filesize
141B

MD5
811b2928e8ef9783f87fe55b0bf40916

SHA1
d6046fd9e1ae2c1d2d0aeaf0b20006953aa78ba3

SHA256
3e21577655188617939c2c96e9fd4b45171544b65873babdb7ecbbaea2593fb2

SHA512
b438d56b6a1745fbdd1e3f576d9eb758e02ac16cd7f50f8c5f69dd0c95f0cf7108d4e608da3732901e96b9ce18c8ddfbcb614669481543fe3fe0def5e3afd9b6

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Web Data

Filesize
120KB

MD5
a48cd9324b1f8754b07f00d863b840f3

SHA1
11c6614775b35a58f440971dfc87c8aaac6d6173

SHA256
8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

SHA512
35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Web Data-journal

Filesize
2KB

MD5
ecb930e6888dfc96bebd411412173e69

SHA1
f787b51e0c94d942a8fc6e279337e20c075a627c

SHA256
3e1bf6efac355ecc33050be4f653e9080fad52fbdee89b4b59e824549a17d302

SHA512
cd94909e2204b95a370955a47e1b9b1cbf8b3ccbac44756a7f04b46fd265dacd4b90e90ff09de22bf5c01f8ba7e042f72f30e6ae0fe970d399eda35f3d4ef117

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/webview_data.lock

Filesize
35B

MD5
641a2ef3dd79a60f6d4946975beefffe

SHA1
1043811e2be5b4da99dbd17f43c9a39eac4c4632

SHA256
68ac4015a4f11152aa24905766de0473248d4f7cb3050d3e1c3e4c522485d283

SHA512
4ab6abd0f95870e479d7199123e4d98849623eaa061cfa1141bb45c44f711ed8341412ab3aa751d2d5c52afefdb299a409fbb3df63e6dbcbd0669d9ef6e1d8e3

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Crashpad/settings.dat

Filesize
40B

MD5
cb7d3dd605ba81041e04cf363ba0728b

SHA1
d4c1c2abe1ceb9e47553326ba31e92373be053d3

SHA256
af53da8a9da9f35eea830e982c56c2696b90084ff5e100a44ff1e76932af9790

SHA512
2f75d9e8779e8c8ad20597c062df15e6619d35626d30ebd007ff2022afc7ffe6a7d3255fddf0e37d74f2989d912108b7f19f565e4cbf7c1d182e19e7f258feb9

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/js/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index

Filesize
96B

MD5
c925a915af52f972511a1f6aad1c217d

SHA1
f1de01dc69c2b3c557a17dcbc184cf769739d4f0

SHA256
0777e6c171a02788c4c78d6abc85254ce1f0919054ba80a45371250d10545559

SHA512
61a0a40ff6248eeeb83970d3abb3f6151fba4734ef2da1649aed6cf06bf1a728315724bab0f97ec162a09099503755a6f2c8a8a8f1c8baa0b3492d9034068898

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index

Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index

Filesize
96B

MD5
33b2372851f07e7ee78929b38c8680c7

SHA1
0713a5920cf2ceb166eb41310774f0af993a330a

SHA256
03dea3101bcc64036f0415747753c0ee4418972ed7c06f23c778e9e8a1b3f404

SHA512
f178f6c86170e69b5891680656b6441a68525bde8b61298732d94392dbb4b14df39b775356e9d5557853c3b8f7d8f219bc03aa422fb349cb068d97a3042f385d

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/font_unique_name_table.pb

Filesize
57KB

MD5
f080fa2a56ab5479d58063e5ea871447

SHA1
4b3fd57a98916fa5784305b76ba30af26b5253d9

SHA256
0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

SHA512
8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb

Filesize
8KB

MD5
e579a6b00eef1318f9166352228eba18

SHA1
76988896854f0139083e77862eea1a4846cf039f

SHA256
4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

SHA512
c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-journal

Filesize
1KB

MD5
f797dab0a225799944e6370dd4270068

SHA1
2ad61d4749ce1cda39854af0adb8f5757b9f2184

SHA256
25482845eb43990f077b26a54c5155cb92da61341475c75fca687486d1cb4fe4

SHA512
3429c623fc50e8de254398b9b5f7f2c4985b296233d2d1f5977ca8e0b0814a18f2060003981e1561e0ee3d9421720a170bf932b3e99ee711523437c42c638280

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-shm

Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-wal

Filesize
346KB

MD5
30210da0e76fd9c8312cb6154e02e80e

SHA1
9daef30e3986ea7f95439170a68c0e07be59c7c2

SHA256
bc3576bde144fac5f7dae7c94e723e22a481f8831d89f2b4f132daf8ac792519

SHA512
df6538ba256081785d468bf412b523c578f70952fe0fab7cb50b13a3f3972b32dc12173a34d9fb2f9f39cd56c93db49e64408372f7bb467fcb0baa99c9868edb

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
97ccd9a2b2063143df56b6937f961ca4

SHA1
5e78a91ae5df289ce83443cb7d5589dd3504fb5d

SHA256
248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

SHA512
86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

Download Submit
/data/user/0/com.dohisoyumokexisi.jufosiji/shared_prefs/settings.xml

Filesize
142B

MD5
dcee2cc3108e94c1890b06a34f633fff

SHA1
290fe998986d6cb565433cfd5e6e8b99dbcaf82e

SHA256
19526b94fc37ff19b7df0e19bdc7dbe960b96186f683654a5a74b964d712e488

SHA512
43074288dd10ac080cb89e08dcff115d879275444399f688ce41ecf4c751fc4f4c4a3cc095a5f6a5903ef1cd11dbad2b1d94aa9e59afd9baed9d25e861a2fac9

Download Submit
[anon:dalvik-classes.dex extracted in memory from /data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json]

Filesize
1.5MB

MD5
e0eaeebcf53c831477bc5cd6b908822a

SHA1
3ea42012ab8fdac61426eb494a51f755a6d331d0

SHA256
84765b800ce4182b581719ad1fb35afdea8e0dc20f47b025a5df78837a91fbb6

SHA512
626605b9d3a5e7dcf3b582cd56aec18a99d7beb23df99323de9924b7ad86b442ce9d8213710a54fbb47ad965e1caa09c7bed7b704a531154450187f590d0c98d

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads