ermac | 861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b

Resubmissions

03-02-2024 23:50

240203-3vjzfacff5 10

03-02-2024 22:00

240203-1wnynsbad4 10

Analysis

max time kernel
7s
max time network
153s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
03-02-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b.apk
Size

2.0MB
MD5

7913e9cd5a581f61748f528242595843
SHA1

6b46d917515c50d5d658bc7f73dd408a7c77eec7
SHA256

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b
SHA512

379617b6e340052a4148e27ea4ac606e105e44179b7d367e922463b853e8c86217de53c208295e3ea4c7f5eca4eee200094de9edab1d8cc5d1703bf4e16d7af2
SSDEEP

49152:8dLFSkaUlfhR7hQsgeHqGQfRIycGDIvdrGe:8dLFVhTqGQfiRGDab

Score

10^/10

ermac banker infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

Processes:

resource	yara_rule
/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.lapagopomipavu.zuke

ioc	pid	process
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	5063	com.lapagopomipavu.zuke
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	5063	com.lapagopomipavu.zuke

com.lapagopomipavu.zuke
1⤵
- Loads dropped Dex/Jar
PID:5063

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
14KB

MD5
a7df3e54a35cc4d454b42bdadea66b30

SHA1
9211ebd794fc870bac3950cc9e4d5f05582e0fa1

SHA256
84ea5dde87eaf46694501cbdc2a912d784be13d7fae5dff3a0848a684b44713d

SHA512
ca3b2ae7d5e12b9643ab1042f76e55a34df2db6bba28c4b4c427f22bd6f9e183758591daecd5fb805f8c4071e36b339ce9e3c3a4df841398f75a5d0a91f076f2

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
09e58ccc381aad95c989d5fc4ebb069c

SHA1
1220de2d9ee940b1c088489dc38521a7f51ac761

SHA256
0a0c28f71549d644ec3223c89be9cb9d3fb01104a1998d3214bae5d8ddfbb61e

SHA512
146ece622c95c1b1461333e772c83e5f212f1a13132e3f55c16a2c06c01fb197239e592444f875b04c0b6af05e28f8d59aa969a5b564c8f6ada768ebe256e009

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
d375196ac98aa251aecd9c27b23429d6

SHA1
1968c29c147465db9b49aeeb6a48d87ff8cabfa8

SHA256
01e3d0c975eee32548d720c543a56f25d8471cd08d23e16a30b22e00b729b862

SHA512
c5aab5c52e667e464e494ac2ef67012ff5580829a5b4a4760c6f791feee456d049675c48a1c4c435a902f6a82dcdeefdeda15cd745318b403d2f1901cfca98dc

Download Submit
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
1.7MB

MD5
d75cf9b3238dd299ca9c2e41bb286b0e

SHA1
597f5b25648eff50dbb72962a592b4be98c60e16

SHA256
81ee1aaf066b158109b5208dfa554683c1a9681331b82c9e22f5023bb993552d

SHA512
65062731b58d675d890c9bf4265a1dec5959a8eba0691f373e330262b51d8593a2738a6abfcc54022dc65952aa49064c26e36065067b3daac50446f8812b4fee

Download Submit