Overview

overview

10

Static

static

6

9eceb9cfa1...ea.apk

 

9eceb9cfa1...ea.apk

android-10-x64

10

9eceb9cfa1...ea.apk

android-11-x64

10

Analysis

  • max time kernel
    2466695s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 09:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9eceb9cfa14c5f82cf31bdced380faec9bf35060defe355c066e1acb36ba66ea.apk

  • Size

    2.0MB

  • MD5

    26bbb10b28f49e3f0802e515b80b433c

  • SHA1

    e92586db0d1e1699baba2de748562d11b2177380

  • SHA256

    9eceb9cfa14c5f82cf31bdced380faec9bf35060defe355c066e1acb36ba66ea

  • SHA512

    1febd124383efddad324b0cc6f0ce73fd231f0e8bcc85e076622533a66d30b3a86505acb079cce77d258f155ccc8522c645da49f5bd90cf2cc15d20560166ac0

  • SSDEEP

    49152:ybKBBbUq0PhXIYr8NdT64fm+OPQOO/AP8bW43:lBBb7gXI28bT2+f33

Score
10/10
ermacbankerinfostealerstealthtrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.118:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI)
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.mazocexayori.kute
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5078

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/UNwnOrK.json
    Filesize

    455KB

    MD5

    b2693b13d14bc3fb7a2f439ac13a9e1a

    SHA1

    a2660240ad46e39bc74dc3c6e77c284e40fec464

    SHA256

    3d34855c12421965f240c93e5d69d7dc7a445e5a723f738513bd9c971a1e44a5

    SHA512

    0c62f9d640f301a12ed44f55be04a0ef3342022a87a8968444d1c4b04bdf8c66cbf45fc94e51eaf9e4ebe307140333ffd1ccccee8cffc879ee792617f3aad670

    Download Submit

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/UNwnOrK.json
    Filesize

    455KB

    MD5

    36c2592e0d6ccc42d1bfb9ead0dd381c

    SHA1

    de6dfb28063fee3dfb8b6557e826196b1ceb703e

    SHA256

    efb1d45fa091001b7ec273a6660c62e17a1d9e89d3fc34798894c8e9b73ddf7f

    SHA512

    c85ae4455a455532933ce55aa6a5c9c0e9c6d567a3b2d9fa858105df3a3802d55ee39297126d9f02501aea2bd187efc49505b26ada672dff2eca064751a66dcd

    Download Submit

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/oat/UNwnOrK.json.cur.prof
    Filesize

    647B

    MD5

    0b5894d614c96514ab8b0ca3616ab168

    SHA1

    bb9d1956cc7d8670a61626152b4357ab1332e3d5

    SHA256

    93c3ec9c1b7114df313da7a615bc401d31dff497c83ad7d6a15f425aa9d14abf

    SHA512

    73db2f5fc1da7215c1491f38a30660907a2517cbb2b6e2499ae3a73a9b38ef013f4221b7ff344fb08a1b1542379996bcc1de64df790dc07d77e55afa0e149710

    Download Submit

  • /data/user/0/com.mazocexayori.kute/app_DynamicOptDex/UNwnOrK.json
    Filesize

    899KB

    MD5

    469e764d83595045fb5f0d08b03adb3a

    SHA1

    9b31424e2be9320e4484235691c2e39aaf870271

    SHA256

    d4e5fc87c9c19bcaa58bd78327d7eb240c983435cd6eaa772424c4166248177c

    SHA512

    7caca18d874d3731cc7a5ebfc9f1ddfe87793557e00b5592e909f333f6e1a1dbb12040132d51ba02567360720d54e716102c212f711b9a80ceec8c3f1194e56f

    Download Submit