ermac | 861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b

Resubmissions

03-02-2024 23:50

240203-3vjzfacff5 10

03-02-2024 22:00

240203-1wnynsbad4 10

Analysis

max time kernel
8s
max time network
137s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
03-02-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b.apk
Size

2.0MB
MD5

7913e9cd5a581f61748f528242595843
SHA1

6b46d917515c50d5d658bc7f73dd408a7c77eec7
SHA256

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b
SHA512

379617b6e340052a4148e27ea4ac606e105e44179b7d367e922463b853e8c86217de53c208295e3ea4c7f5eca4eee200094de9edab1d8cc5d1703bf4e16d7af2
SSDEEP

49152:8dLFSkaUlfhR7hQsgeHqGQfRIycGDIvdrGe:8dLFVhTqGQfiRGDab

Score

10^/10

ermac banker infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

Processes:

resource	yara_rule
/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2

Loads dropped Dex/Jar 3 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.lapagopomipavu.zuke/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/oat/x86/classes-v1.odex --compiler-filter=quicken --class-loader-context=&

ioc	pid	process
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	4231	com.lapagopomipavu.zuke
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	4259	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/oat/x86/classes-v1.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	4231	com.lapagopomipavu.zuke

com.lapagopomipavu.zuke
1⤵
- Loads dropped Dex/Jar
PID:4231
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/oat/x86/classes-v1.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4259

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
1.0MB

MD5
22cf59c72ad95accb7abb24b557ef8b1

SHA1
a57ebc6d1da9ce4a5112d5f3cbfa155a846bca09

SHA256
8ac695b1c93e366f48eb59caffe572a44e01645659d02b572c5f77a4050577f2

SHA512
523c17dd8902d0e70a3391cd07d0ef1f30881386277df0448b243cd3217903306c459c316605786100058d63621dfb0687dc8346d39b800d9162b71e5f25129c

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0ed4e82496b98ae5c0d2124759e3abc4

SHA1
20b906611fcf5486b99e3e8262548ddccba5e5ea

SHA256
5eb80f8b10580b57663cca0fd4131470773da0f6026da502b7ca72c157eec47e

SHA512
bd2ae43e9a76eb01e914060b0c4e18eafb02cd9c18103310ddc7b0d02e125f25f29e036de32f04eb7fed73090ae18c4cc6bccf2dd35e21c7d6d13d5655629f3c

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
1f4e88ef4a86bc97e7dc1dd954dc87bb

SHA1
3ef644f213bc6394adf68d4f5654caaa38ef2799

SHA256
a7cc4cd565acce2eb32da5e10eb75bd15a131c9fead7f94eb31c79da8d683f58

SHA512
aa9bf3f6024338751aa150da42dbf0140cafa202ec1909af8a9395b3d89ed7b4c20a5015ad4b5c3cc0b4ce878f04590db3cd1d654117930207e186b0ee2e2668

Download Submit
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
1.7MB

MD5
d75cf9b3238dd299ca9c2e41bb286b0e

SHA1
597f5b25648eff50dbb72962a592b4be98c60e16

SHA256
81ee1aaf066b158109b5208dfa554683c1a9681331b82c9e22f5023bb993552d

SHA512
65062731b58d675d890c9bf4265a1dec5959a8eba0691f373e330262b51d8593a2738a6abfcc54022dc65952aa49064c26e36065067b3daac50446f8812b4fee

Download Submit