ermac | 73d121b346a55550b35afdb1b3828d0474981afa0efa8a48332147c520c5707f

Analysis

max time kernel
3518683s
max time network
76s
platform
android_x64
resource
android-x64-20230621-en
resource tags

androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
submitted
07-08-2023 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73d121b346a55550b35afdb1b3828d0474981afa0efa8a48332147c520c5707f.apk
Size

1.9MB
MD5

a5b3d8f5cdd23539d15999eb42db04a3
SHA1

d0e67af1c5c53a905c4b585d07463357d4c2e62a
SHA256

73d121b346a55550b35afdb1b3828d0474981afa0efa8a48332147c520c5707f
SHA512

b7f451135ecb549ee0a21e30d62b09710c23090ae99fa67d495349d649b9032836a2d4874cd9c08c111a32f8745457b7594b0a3bafbdebfcdab6ff1c3756d9e9
SSDEEP

49152:LNfbRndNMaoiAzvqHR4fG6SbSzpa8bFOGqb:JDRjMaoBz2BbT8Ls

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

http://193.106.191.148:3434

AES_key

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral2/memory/4877-0.dex	family_ermac2

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.doviveracolo.cejexawo/app_DynamicOptDex/Qm.json	4877	com.doviveracolo.cejexawo

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.doviveracolo.cejexawo

com.doviveracolo.cejexawo
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4877

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.doviveracolo.cejexawo/app_DynamicOptDex/Qm.json

Filesize
452KB

MD5
32ed722a57067a4c56f8ee2be1e3e1ea

SHA1
7e1fc8446ed27ff8606863ce4b9785b1f6f81537

SHA256
5e4d5b0645a41df83e59fedb81259b90424b670d02e3651b853c1ea5a02758b8

SHA512
0feadb8dd5242a0b248a4f5d2fcca57f1af6cdbc1a6c913732477dd0a275200e8d0a927e3e1a4334713acd9149c027897abf4e6002c41a1f0a96d0877a0998e4

Download Submit
/data/user/0/com.doviveracolo.cejexawo/app_DynamicOptDex/Qm.json

Filesize
890KB

MD5
3bb80bc78453df5e92323cd3cf02b09b

SHA1
dee317fe397694e13868a30a4f64032cff9ae5f6

SHA256
f0a27f317b16703314bc185ae0f2ad6c9d7520b0a445d8632343a25e8799d959

SHA512
64240f52a8416a8230feae37fff071c657b3c4f8ae5f2eb594f257638742e43b592f922a0ad7c29e2eb106198d5a3ad14adc520a024a44ace5beeac0d69ecb4a

Download Submit
/data/user/0/com.doviveracolo.cejexawo/shared_prefs/settings.xml

Filesize
138B

MD5
45a4c2d0f29d6f0b3a8a05c54c08bd33

SHA1
9713f1aa8c8516d0c5576b98030c8b83285d7a71

SHA256
54ade7e88216c8cdaa155d2f97224a2e792d675429ec64d26839315bad51435d

SHA512
a5e9119494bf263daa831514754f8fdc5b09402871da1f03328933370a7631543552dc1c6279955b8a0250719b79dc3e5744aae53798e4b9af78a75c3001871e

Download Submit
/data/user/0/com.doviveracolo.cejexawo/shared_prefs/settings.xml

Filesize
182B

MD5
029b226d59f54eb9127a8fdd024fdda8

SHA1
e6a0b7881e82a60a1308cbb6c5a593bfe47c8091

SHA256
6e76e3c22986c5c07828958d1203643df3ce69cf19328a0916125e9c3c0f44ab

SHA512
5405066709036a0564649cbfdf8b916e56aba01e29357b742af95bf095a0be96d3ce631d6675a7944f15fb7f153d5726d4ba4e490bd0d8aa5df6d9c97be485d7

Download Submit
/data/user/0/com.doviveracolo.cejexawo/shared_prefs/settings.xml

Filesize
270B

MD5
0e98c17046d4305e96ee63dc983ccda2

SHA1
c49baabab2fe35ddcaeed3758356a3d92eefd3fc

SHA256
9bed7f98d8b1694b2a870bae443151fbf1b0522926fee5a0ea90355e3e97895b

SHA512
6614fa82afb4e7dd8e3cb56519d3a4e0e11ecc8805da4246153e593b4977689ef95d222356871938f98291796648ef52af79761d97e748459394bc20334b84e8

Download Submit
/data/user/0/com.doviveracolo.cejexawo/shared_prefs/settings.xml

Filesize
314B

MD5
cf07b98ed1426fa8286e862c436c7a5c

SHA1
cd8193924dec4757db1ae5bb864d798631edcb9c

SHA256
28b51a8ae5b9e3b781604c6b708b2289adbf9df6d4fe9f76d711cd9ce212f73f

SHA512
d9be27e70c00faf6ae8cb7bf515c9455644d3dab6745ff07cee8bd6198de63677e1b5bc4d86d393a54210d24fa94fe9aea34bcd7bddd6dcd4aa6435905dff78f

Download Submit