ermac | 861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b

Resubmissions

03-02-2024 23:50

240203-3vjzfacff5 10

03-02-2024 22:00

240203-1wnynsbad4 10

Analysis

max time kernel
7s
max time network
141s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
03-02-2024 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b.apk
Size

2.0MB
MD5

7913e9cd5a581f61748f528242595843
SHA1

6b46d917515c50d5d658bc7f73dd408a7c77eec7
SHA256

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b
SHA512

379617b6e340052a4148e27ea4ac606e105e44179b7d367e922463b853e8c86217de53c208295e3ea4c7f5eca4eee200094de9edab1d8cc5d1703bf4e16d7af2
SSDEEP

49152:8dLFSkaUlfhR7hQsgeHqGQfRIycGDIvdrGe:8dLFVhTqGQfiRGDab

Score

10^/10

ermac banker infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

Processes:

resource	yara_rule
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.lapagopomipavu.zuke

ioc	pid	process
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	4475	com.lapagopomipavu.zuke
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	4475	com.lapagopomipavu.zuke

com.lapagopomipavu.zuke
1⤵
- Loads dropped Dex/Jar
PID:4475

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
8KB

MD5
de82e21a08f940894bf867da7811016a

SHA1
a7150b80eab9bfe7c26c62206a134d433ce40798

SHA256
dc4a395ddda171a03e1779bc7b345e417d4bd21f0e504eb74950e75fc3204316

SHA512
6e54f9e74a466179209165dda63a12087f67ad9bcdd961538e2b91819cfde3bfb1188c6b3853f0093039be4aecc456c4e2252e11c59a00053be8102cb9aef2f9

Download Submit
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
1.7MB

MD5
d75cf9b3238dd299ca9c2e41bb286b0e

SHA1
597f5b25648eff50dbb72962a592b4be98c60e16

SHA256
81ee1aaf066b158109b5208dfa554683c1a9681331b82c9e22f5023bb993552d

SHA512
65062731b58d675d890c9bf4265a1dec5959a8eba0691f373e330262b51d8593a2738a6abfcc54022dc65952aa49064c26e36065067b3daac50446f8812b4fee

Download Submit
/data/user/0/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
69e8e67692ef7bb98b4db08b60a55430

SHA1
39ab095d7b390b97790c3c31e0d44850a0be5c0e

SHA256
53bdfb9018c4d26517cf0024e7b4519e272099a391fdfc76cd821b2dec068e36

SHA512
67eef00e6d627771980ef060a0563857d05fd464d70784b318cc62cda5a8d4257065706344fe2d08124fffce7c15eb3c27c373d696337d7d223b2314391a5081

Download Submit
/data/user/0/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
8107fd0560337e37249ee641ec5c9850

SHA1
8e4f852c0636b60a3c5ea6032673cff113bb86e8

SHA256
1c78ef3c40c7d7f985c3a6992855c71d2059585ef4555b2459f7176c3db7feef

SHA512
bbd44bdf231878623f3d4732df1f80228642c3505febe230ea8a5d2c26f2f466f0ac2b717ff0d78849c62da80ea9555eba5c49ba79e6be099641f542d35d52c9

Download Submit