ermac | 861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b

Resubmissions

03-02-2024 23:50

240203-3vjzfacff5 10

03-02-2024 22:00

240203-1wnynsbad4 10

Analysis

max time kernel
5s
max time network
154s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
03-02-2024 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b.apk
Size

2.0MB
MD5

7913e9cd5a581f61748f528242595843
SHA1

6b46d917515c50d5d658bc7f73dd408a7c77eec7
SHA256

861035d786e4ba1ec206fcb22abf18e682b3c8481475e38fee54757fe8481c3b
SHA512

379617b6e340052a4148e27ea4ac606e105e44179b7d367e922463b853e8c86217de53c208295e3ea4c7f5eca4eee200094de9edab1d8cc5d1703bf4e16d7af2
SSDEEP

49152:8dLFSkaUlfhR7hQsgeHqGQfRIycGDIvdrGe:8dLFVhTqGQfiRGDab

Score

10^/10

ermac banker infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac2 payload 2 IoCs

Processes:

resource	yara_rule
/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	family_ermac2

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.lapagopomipavu.zuke

ioc	pid	process
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	5057	com.lapagopomipavu.zuke
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin	5057	com.lapagopomipavu.zuke

com.lapagopomipavu.zuke
1⤵
- Loads dropped Dex/Jar
PID:5057

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
10KB

MD5
301a517a2a6d68b572c6d1f729ffd981

SHA1
2929ad52858b63d8d9e54680baf9449c7140119b

SHA256
53a1b5b6788f244461e6eebf6d2db2fdccf5d4e164bdc4656802b71547570564

SHA512
70ba3c68b3444473b58a1217ac1e405bb2d7b44f88ba55d3a9ee085a942265d2ce7e4c689b422176d8887950799a1b7961a137f035aa1271a7c23dcc360b2f25

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
37d3144e088e7ee848d73ddf16295c92

SHA1
be1a839d6d084721710bbb5d29287978d0867bee

SHA256
0ed6e373ef0d92f91ff41fe05e0ae354a6d6eb0fd3a6347cee8606279d53f757

SHA512
50c2ee6a697dd88081c7d125137a768ed54438bd021d9d0698b36f118397c9b0ad42edf517db8869d828ac80200ad5ecf24ddf9a67c60cc5c87af731c9420818

Download Submit
/data/data/com.lapagopomipavu.zuke/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
1503e34d173c756cbfa90e835eef7e6f

SHA1
232ca7bacc6441f67663d5c31e90e26367973579

SHA256
9e1e0070d788241eadd211ce8ee0968f9f264c05e57de29afcf299b3f28302a6

SHA512
5beee5674282cb322d26917f4974dc0fab69821f5b31e9650b1b422d1bfbd7a3abf947eaa910f17c73cf36e6ff59585e404fb596a1813ef98bb3a4cdcd2a306c

Download Submit
/data/user/0/com.lapagopomipavu.zuke/app_apkprotector_dex/classes-v1.bin

Filesize
1.7MB

MD5
d75cf9b3238dd299ca9c2e41bb286b0e

SHA1
597f5b25648eff50dbb72962a592b4be98c60e16

SHA256
81ee1aaf066b158109b5208dfa554683c1a9681331b82c9e22f5023bb993552d

SHA512
65062731b58d675d890c9bf4265a1dec5959a8eba0691f373e330262b51d8593a2738a6abfcc54022dc65952aa49064c26e36065067b3daac50446f8812b4fee

Download Submit