Overview

overview

10

Static

static

7

1c310cd242...5d.apk

android-9-x86

10

1c310cd242...5d.apk

android-10-x64

10

1c310cd242...5d.apk

android-11-x64

10

RobotoMono-Medium.ps1

windows7-x64

1

RobotoMono-Medium.ps1

windows10-2004-x64

1

boost_01_effect.xml

windows7-x64

1

boost_01_effect.xml

windows10-2004-x64

3

boost_02_effect.xml

windows7-x64

1

boost_02_effect.xml

windows10-2004-x64

3

boost_03_effect.xml

windows7-x64

1

boost_03_effect.xml

windows10-2004-x64

3

boost_04_effect.xml

windows7-x64

1

boost_04_effect.xml

windows10-2004-x64

3

dragEffect.xml

windows7-x64

1

dragEffect.xml

windows10-2004-x64

3

fyb_iframe...l.html

windows7-x64

1

fyb_iframe...l.html

windows10-2004-x64

1

fyb_static...l.html

windows7-x64

1

fyb_static...l.html

windows10-2004-x64

1

Analysis

  • max time kernel
    3610842s
  • max time network
    157s
  • platform
    android_x86
  • resource
    android-x86-arm-20230621-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
  • submitted
    08-08-2023 22:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d.apk

  • Size

    3.3MB

  • MD5

    4ad2a756156f9d674fcb21fff2fd37ab

  • SHA1

    5260cb40dc651def5a8c265acdbadf6230a06e83

  • SHA256

    1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d

  • SHA512

    58a3c08fd315a430360859a6c7a1bc90f4c943ff8802e2285c289edfeeb7540217aa64f92a3cdc65f2683a443f1dd96ef8accfea1f852ed27045e7107530e426

  • SSDEEP

    49152:aMQHcdO/rcUbk5wX1hAqYax8sTH30OQfD4fY7DvgJXCgcuHZnOmW9ihOeS/Pu:aMQDoSeqYax3EOe7DIXCRspOP9yS/G

Score
10/10
ermacbankerevasioninfostealerransomwaretrojan

Malware Config

Extracted

Family

ermac

C2

http://91.213.50.62:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.xemitawitapenu.ninoso
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4114
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/oat/x86/yMyYUc.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json
    Filesize

    536KB

    MD5

    c6f4657e0f6c25aad875055cb6d00394

    SHA1

    d0193b09d5833973a2ed30b31cbc412ba29da1b2

    SHA256

    977347e4a3829de61e9b566ef66c380093f6c606955f0dea7574d2044fe76d9b

    SHA512

    dacd01794b379364e24df8d566c5ccb8ab194662b0f32e6dc50086a7d33f1f56ce915ea131552f0385000c8abf85073fc55425c7d45fdb244f2b8aca1513850d

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json
    Filesize

    1023KB

    MD5

    70450c54a73e81f6da8807056c4acbd2

    SHA1

    9004cb46929f7fb6b8316b71fc692c9e48b56a77

    SHA256

    7099463c5be556a42349dd7300ca429e3ecbafe728e48741d0cd8a7991f32e44

    SHA512

    5241efc8fb48de9cfbdc65f0268b349bbe168fc75e270c825deca094024463f5b9c9e6ac1de51c4028cf429725fd6d974f06a6b4dbb64031d134860b1f80218e

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json
    Filesize

    1023KB

    MD5

    58c2b26dd2b220b55f32dab0b7733849

    SHA1

    a898eeeed3ab0006eeccdeb26c4b0cb8927b0892

    SHA256

    fab5de97fb36eb6ef199fcc4edb004163109b344a76ff9054c799dc4dbf65ad9

    SHA512

    947cda664ed431f25bd1b071e43b056dfa8eb90e510279a8cba8666a15cb35d25ded3389816c129c6903205c6e7cadfdc0dd6a120efb7762797ba921dbf4bc1d

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/shared_prefs/settings.xml
    Filesize

    138B

    MD5

    a3f99540572fc7fc7542b849ac201e3a

    SHA1

    38a556b62914f30934905cbbdcd7a632134be1a9

    SHA256

    1b846f5238571dfb29e5b2291f826f065d92346848582c2a2402cd8a2b52b2ab

    SHA512

    ce644a41bf1830f86390779de04f0ca1db8145a24e1064b19d1d9cd23cf74c33a251cc3ce0527005812cc78aec8b27eae16cbf3d09a99854c136d1cc85d9f488

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/shared_prefs/settings.xml
    Filesize

    182B

    MD5

    428b01b0409fe6ad76c6ba778fe98803

    SHA1

    0b4fd9b7eb57f45d63e63cf465ec762ef32f2252

    SHA256

    1a81d3e07f61e15e4827a59fa04953a8113518b4abda60fe9961757bd082fae2

    SHA512

    ecbc19b9dd05b95cfbc4c13c5e634aac3031a10b2eeb64f75f9d9e81025279fe0314a0d2d9f84b0207037530e0d40c44de35ff5bb4227449536fa080fafc25e1

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/shared_prefs/settings.xml
    Filesize

    270B

    MD5

    88ba6806e260749ae0ba855f5c993d3a

    SHA1

    7fe17e0caa44f600a7bac47ffb9296004b12e113

    SHA256

    1876e5bc65cdf4fed75da355e99103064fd7b564694127726e8a79d8c80acda3

    SHA512

    2a84ef682c48b31003f55b8a02d5e745240e5bc040720a108c678617623d7436c3715d0ff3d04e10ed8c21b48a3bdcbeff227441ad89f201e3ad0193f4ff1778

    Download Submit

  • /data/user/0/com.xemitawitapenu.ninoso/shared_prefs/settings.xml
    Filesize

    314B

    MD5

    33a06c1487cecb2807980f6645ada136

    SHA1

    f755361e324f129370aff13193b1e001be6468e1

    SHA256

    005fefe126a20dc2a5e20b37338039563be0f121a5ae78e4d059197d02e22085

    SHA512

    3d6bcdf6219eef4af9a26037f084707476b1b526467e9f6f43628aa820507064a8c07816210e31f9214bc0aaeb681abed9db44cd6505b283cc48487195209fd3

    Download Submit