Overview

overview

10

Static

static

7

Update_2.apk

android-9-x86

10

Update_2.apk

android-10-x64

10

Update_2.apk

android-11-x64

10

Analysis

  • max time kernel
    4080410s
  • max time network
    37s
  • platform
    android_x64
  • resource
    android-x64-20230621-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230621-enlocale:en-usos:android-10-x64system
  • submitted
    14-08-2023 08:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Update_2.apk

  • Size

    2.5MB

  • MD5

    74867338c06a1f272c438061fef7cbc9

  • SHA1

    3893e622353dffcc1a98f37503aa6cea4ff539a4

  • SHA256

    08d4f2f90e1adcd801c3e3dae90e5b0680941d49e0ff426291ffb0e32868fded

  • SHA512

    4096fc3da212fffe8a650fe1121e48823eb78c5ea9206c95d41122ee29b4d87839e8523df7948a22eb347eb53dcb3f28f5ce3f79f07ed1ec9b4365bfe100a3cb

  • SSDEEP

    49152:3RW2M93mpiIZTVpMg86GaoXyAT/98+Pe5eN/Xqgp7yQ0:42e2picVpxGaWy2c5eggxyP

Score
10/10
ermachookbankerinfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bugomadokijowa.vokusaya
    1⤵
    • Loads dropped Dex/Jar
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4790

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json
    Filesize

    674KB

    MD5

    1bbc4433156d2aa4851868d91185d1f1

    SHA1

    34d77f845846210fe53fd6e0a4c3ac4ed623ccaa

    SHA256

    e594d7411adae93edac426b94f6fe467b735636c309822607e209d923a703057

    SHA512

    39aeea849058d849689a45d1ad71a90e599eefd88261ca880a12e873e3faa49d7b30e2c7bfff317f124cf809c3624167c62c477225fa6931f45c048cff550605

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json
    Filesize

    1.5MB

    MD5

    e5655b6086c37472ba5e4d6875a46632

    SHA1

    278e74bd60c8682c8dd06ecf349f61fab3d07977

    SHA256

    1194d345776a065d3b46dab0d3d00651e69921cd0d94d8c8e8f3c44c8f781944

    SHA512

    9eba6c1427ecac5f1783151a2aa3d38b3dea26ff02e688d0cc92130abba154ae398676514603aa8cfc90dc7bab4e0b4e51e60f615871947e58282fa5b08b83f8

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_webview/GPUCache/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_webview/GPUCache/index-dir/temp-index
    Filesize

    96B

    MD5

    8a94e5126f1c9383d66a24907b193da1

    SHA1

    e088d01d3cd6ef17f904f2906bc3aa16a919156d

    SHA256

    fd9aeb86c9b27f58de9c5ba7c26626be49734841fd010d830330dc65f7156ab0

    SHA512

    3ea599b59a358371ae15859e73f3f0ff72c4612b06c23aa3dd6852275423c88ab8ee61b5aa2a84abcba91cc2a5db59203f18e95c3fc2efcdde0017d3d67ad2ff

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_webview/Web Data
    Filesize

    112KB

    MD5

    b663831f8cc130493476d94f2d7a5330

    SHA1

    043a1956ab8e40821d67043f8a9110a8eb36fb93

    SHA256

    c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

    SHA512

    e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_webview/Web Data-journal
    Filesize

    1KB

    MD5

    ff9506a605f42c42cdc7a72e98597fdc

    SHA1

    2215a770c396372ce5416bb2b15d3505f12657c2

    SHA256

    9db1ac5017ec5f180407c56117e2118f62f7bfa99b3427b9e84cd8c53f18acf6

    SHA512

    ad7fba5da657b8bc3f229c4ba9ae9c73d9b8de9264e4ebfbc23f4e93a81d867b611c085e5486ae1b6acfbbd3e5463418f426e4d9391dff72b3701e0f4a765b03

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/app_webview/metrics_guid
    Filesize

    36B

    MD5

    7b70b20da01e01bf0877703aaf19829e

    SHA1

    6b5ab70502b47a8c0a83382e98dfa387128c23ba

    SHA256

    1c249c6daebcc6ede292ee583128a11e27eb99bbe34c08f27e3ade3b60290229

    SHA512

    d9690a0dff058f41f7c5baadb6af135779a93ae44b5baa5a079fb327ba798721519bdeb7cd9bc46f6ba23e26c79d33ec76c82edba11c90990101a48f268d35bb

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/cache/WebView/Crashpad/settings.dat
    Filesize

    40B

    MD5

    b5043bdadcba14a3159f6f8e4c03a586

    SHA1

    a67b1e615adcdf0653ff197584fd685bc94861a9

    SHA256

    c9d835276d6444406f3365c756edb6eccf4f524f1a83a9dcb98171452d313970

    SHA512

    6ccf9e27059ac4cee1efa13a1a405a82ff4de8cc3abdb14ac946af6f069699a6cd1831e2d9fd18050db03c7410665f7501e9c9f26018a8f0c866e4345684382b

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/cache/org.chromium.android_webview/Code Cache/js/index
    Filesize

    48B

    MD5

    6d7d499960179766cd4261d12dacc411

    SHA1

    e6f8553b0015e12b23cc551afe98763f3b1c9bed

    SHA256

    c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

    SHA512

    6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
    Filesize

    96B

    MD5

    eda53d8dd833d74f83f31b005cd7594c

    SHA1

    8f4fb4262d2940c35204a749019be8a04a3102a3

    SHA256

    d598a829de68ba13f26ef08e64beb29bd2c8c6849f08cd886791e14bf7118160

    SHA512

    c8251233918b7f8dc8fe141ba60526c17c70680865d721f2946783c4483ac337113c5787f650743680b43db627c1d2da8cc4a8acb0e5d30e40fd30c33c8f6395

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb
    Filesize

    8KB

    MD5

    b6ca8b30661a7844ed292db75a29a953

    SHA1

    8e0d397ab1f2ced1f143829084c3f53333743bdd

    SHA256

    63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

    SHA512

    d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-journal
    Filesize

    1KB

    MD5

    792a3f474e259df599d5a919e1a98fde

    SHA1

    e03653a0d91295b054dbd66e1131b0aca92a2814

    SHA256

    535f2e73fd82b489050b3f3aee6cae73ffcf9e4d16c13b4459236087ba70fda1

    SHA512

    ffe87febb8c52dbd042c39b7bf49ccb38a25dabdd46bd21a3b9b5c3cdad4eea6e9e526bef320ce65b004fcd5ceb14e4a4007f49b9e71acf0bbead485b5b842d9

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-shm
    Filesize

    16B

    MD5

    4ae71336e44bf9bf79d2752e234818a5

    SHA1

    e129f27c5103bc5cc44bcdf0a15e160d445066ff

    SHA256

    374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

    SHA512

    0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/no_backup/androidx.work.workdb-wal
    Filesize

    346KB

    MD5

    767a3b70937fc0dae37a7ecfd3fad016

    SHA1

    d495b05baf6986c9a83b8ef6f019e6a693b5fc1b

    SHA256

    ddac4ce234b48f35f588768e3e8ca2179ea1681bb2dad46e4237290a950a7e3e

    SHA512

    31b3f4f481382d2dd0720f2d94340d6ea7a7b5097634c923f03b681586494b3693fe8047f18748dfaa8c60a8cf29de486efd070ad1a4a1270bdda1cac3768a6f

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/shared_prefs/WebViewChromiumPrefs.xml
    Filesize

    127B

    MD5

    6ef709b8536878951e87c29a1518fc2b

    SHA1

    24376c70b00152501b3d98df61fa7db435339172

    SHA256

    10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

    SHA512

    96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

    Download Submit

  • /data/user/0/com.bugomadokijowa.vokusaya/shared_prefs/settings.xml
    Filesize

    140B

    MD5

    fb7f9d886d0a3b1205cd645b22d60ad9

    SHA1

    013236f02e6dd94bc90ee2791d83c7adc885dd26

    SHA256

    bfc4f62e4351eaa78f0c20c2ef357bd4eaa3cd35441142ebc098a2b704198c52

    SHA512

    940b6596af3684104ac3d11612e261d6036d716f9c9cb13c62c58dc86ba0254cf72598d691d73800655cdd5647e9e0b3abec4e6db89e5a76e8a8ea4a94cf9f9f

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bugomadokijowa.vokusaya/app_DynamicOptDex/OlAIOFd.json]
    Filesize

    1.5MB

    MD5

    e5655b6086c37472ba5e4d6875a46632

    SHA1

    278e74bd60c8682c8dd06ecf349f61fab3d07977

    SHA256

    1194d345776a065d3b46dab0d3d00651e69921cd0d94d8c8e8f3c44c8f781944

    SHA512

    9eba6c1427ecac5f1783151a2aa3d38b3dea26ff02e688d0cc92130abba154ae398676514603aa8cfc90dc7bab4e0b4e51e60f615871947e58282fa5b08b83f8

    Download Submit