Overview

overview

10

Static

static

6

a4874ebfe4...66.apk

 

a4874ebfe4...66.apk

android-10-x64

10

a4874ebfe4...66.apk

android-11-x64

10

Analysis

  • max time kernel
    2481655s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-12-2023 10:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4874ebfe480449a897f86c87a490fbc4c2276d5bad4ff92bc93e2e8ae8efc66.apk

  • Size

    2.1MB

  • MD5

    abb4a1192d0919da01aa87b53538fb7c

  • SHA1

    b998c6de3c3835774eea6519102ce1fc040e33a3

  • SHA256

    a4874ebfe480449a897f86c87a490fbc4c2276d5bad4ff92bc93e2e8ae8efc66

  • SHA512

    32c922b6ae4f12e614b44242d35f662fa22cda62401eac4eb5b26ba25cd72470ccd756fa96674210fa7e63ef9a63da0066107f820abd51acc0f3278f8990c8a9

  • SSDEEP

    49152:2mGSPqOLqtmZvQ/UOy6B4Kc4fbYrkJxfyO7W3+A:29SdLqL/UOzboO7W3+A

Score
10/10
ermacbankerinfostealerstealthtrojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.118:3434

AES_key
AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Acquires the wake lock 1 IoCs
  • Queries the unique device ID (IMEI, MEID, IMSI)
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.mazocexayori.kute
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Loads dropped Dex/Jar
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5082

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/SRoCr.json
    Filesize

    455KB

    MD5

    8b15d6d054396b7f2592bb15715a93f8

    SHA1

    68578410100527c2a749379c0c198e7c9e7a2bdd

    SHA256

    0cb370277d333e8d80d5b89983d0986015ede54b8a0a346878bbf97d68cf366b

    SHA512

    d85b174e376adb31b5d11068998510fc1bf1715ebf57de62187e9410c346a1df23ffeff11a32c0e3b514138e56c97cb81ac276499cab3c037c9f74cf8eb24e88

    Download Submit

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/SRoCr.json
    Filesize

    455KB

    MD5

    370511dd2e2ef2799ec560da8859c7a6

    SHA1

    6649509a66435985de21a3ede2059834317fde33

    SHA256

    6647cb8140d4a15a6a1c613dd72fe4fc63929de853ec617d0adaa7b8756f2650

    SHA512

    c57094b433af656a95ea3bdd3cb64eadbb0e3d1f9a9b28a210ac9d487d99f1a5fdbdab4df0046b72f3f8160765e644177d7fd29f6ebf812d4e3c95bc686f3b98

    Download Submit

  • /data/data/com.mazocexayori.kute/app_DynamicOptDex/oat/SRoCr.json.cur.prof
    Filesize

    659B

    MD5

    2fddee2ff0f8ad7548ef33513f146a77

    SHA1

    5e99d8d392d3ba9e793e69d082a3f086dce6a01d

    SHA256

    d30e53469e580f8e61db6aad756acc2e7e38f4b6484386f4f0807a3f4d0452e7

    SHA512

    51ba545e7dafcabe540c8b0cb7fa366cb2f35dcebc8c8025da6bf3bdde45b9cdf104af8f1e368e48a136142e984e19cc8a501a6fd00e93499cf3b22a7421306e

    Download Submit

  • /data/user/0/com.mazocexayori.kute/app_DynamicOptDex/SRoCr.json
    Filesize

    899KB

    MD5

    5563d646c4d02026b36d98acd41bc6dd

    SHA1

    27165c74688e58352678cad97ae22598fbcd948f

    SHA256

    78a11223e3450f6d10e7baf5d3f1e8a948e64233fb735e5b9bb7a799717ba11d

    SHA512

    ac0731e02f33a49ae051e49e89b9ca04dab7bbaeb75772f13fe9040cfc4d53834335bef8c5356f33df48ac7621d538a59716b9dfca4048878bb3b7f34f9bca1b

    Download Submit