Analysis

  • max time kernel
    3610959s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20230621-en, locale:en-us, os:android-11-x64, system
  • submitted
    08-08-2023 22:11

General

  • Target

    1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d.apk

  • Size

    3.3MB

  • MD5

    4ad2a756156f9d674fcb21fff2fd37ab

  • SHA1

    5260cb40dc651def5a8c265acdbadf6230a06e83

  • SHA256

    1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d

  • SHA512

    58a3c08fd315a430360859a6c7a1bc90f4c943ff8802e2285c289edfeeb7540217aa64f92a3cdc65f2683a443f1dd96ef8accfea1f852ed27045e7107530e426

  • SSDEEP

    49152:aMQHcdO/rcUbk5wX1hAqYax8sTH30OQfD4fY7DvgJXCgcuHZnOmW9ihOeS/Pu:aMQDoSeqYax3EOe7DIXCRspOP9yS/G

Malware Config

Extracted

Family

ermac

C2

http://91.213.50.62:3434

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

  • Ermac2 payload 1 IoCs
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 2 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Queries the unique device ID (IMEI, MEID, IMSI).
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Removes a system notification. 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

Processes

  • com.xemitawitapenu.ninoso
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4371

Network

MITRE ATT&CK Matrix

Downloads

  • /data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json

    Filesize

    536KB

    MD5

    c6f4657e0f6c25aad875055cb6d00394

    SHA1

    d0193b09d5833973a2ed30b31cbc412ba29da1b2

    SHA256

    977347e4a3829de61e9b566ef66c380093f6c606955f0dea7574d2044fe76d9b

    SHA512

    dacd01794b379364e24df8d566c5ccb8ab194662b0f32e6dc50086a7d33f1f56ce915ea131552f0385000c8abf85073fc55425c7d45fdb244f2b8aca1513850d

  • /data/user/0/com.xemitawitapenu.ninoso/app_DynamicOptDex/yMyYUc.json

    Filesize

    1023KB

    MD5

    58c2b26dd2b220b55f32dab0b7733849

    SHA1

    a898eeeed3ab0006eeccdeb26c4b0cb8927b0892

    SHA256

    fab5de97fb36eb6ef199fcc4edb004163109b344a76ff9054c799dc4dbf65ad9

    SHA512

    947cda664ed431f25bd1b071e43b056dfa8eb90e510279a8cba8666a15cb35d25ded3389816c129c6903205c6e7cadfdc0dd6a120efb7762797ba921dbf4bc1d

  • /data/user/0/com.xemitawitapenu.ninoso/shared_prefs/settings.xml

    Filesize

    138B

    MD5

    a3f99540572fc7fc7542b849ac201e3a

    SHA1

    38a556b62914f30934905cbbdcd7a632134be1a9

    SHA256

    1b846f5238571dfb29e5b2291f826f065d92346848582c2a2402cd8a2b52b2ab

    SHA512

    ce644a41bf1830f86390779de04f0ca1db8145a24e1064b19d1d9cd23cf74c33a251cc3ce0527005812cc78aec8b27eae16cbf3d09a99854c136d1cc85d9f488