ermac | 1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046

Analysis

max time kernel
2s
max time network
178s
platform
android-10_x64
resource
android-x64-20240910-en
resource tags

arch:x64arch:x86image:android-x64-20240910-enlocale:en-usos:android-10-x64system
submitted
19/03/2025, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046.apk
Size

1.6MB
MD5

276cd63100ccbb6444c38699c3a80269
SHA1

e5a7723ceb027b0b429c65104d4cc16fcec16731
SHA256

1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046
SHA512

5e1c586b139a264efd889d0b6e289272690dbfae2d66c1a7f9b6d73c0297f90c022d166313be60c7d44668802bdceb8f57cf65bc00c11c8e835602f1c4789f06
SSDEEP

24576:blkMBm5zFdKJy2zpSacoH0jDIaDsG/mD0NH4LKFPgIWRjKmxRGVImgS76:blkKOdczpScxaDsG/myHzdXWRjaV/gSO

Score

10^/10

ermac banker evasion infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac
Ermac family
ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral2/memory/5130-0.dex	family_ermac2

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wofakiradesa.buvehu/[email protected]	5130	com.wofakiradesa.buvehu
/data/user/0/com.wofakiradesa.buvehu/[email protected]	5130	com.wofakiradesa.buvehu

com.wofakiradesa.buvehu
1⤵
- Loads dropped Dex/Jar
PID:5130

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wofakiradesa.buvehu/.google/libgooglev1.so

Filesize
326KB

MD5
609a5b818ea46513fe8dae39bc138727

SHA1
34458ea3b8537fca43efe8e3ff488ed9c83a56e6

SHA256
48f6991213387355b1a17e11124de4f0923944c3f2c4869e06fc96a742d9cd49

SHA512
9c06c480633d6449532f45c70d71866389a8d1ed6eb1cb9621a3a59d2542fe0a8cb911de92d148473d24af47f548a1321ddef09423cfe831a34c6cded20cd57f

Download Submit
/data/data/com.wofakiradesa.buvehu/oat/x86_64/[email protected]

Filesize
163B

MD5
7e5928176653e2d41fb40e118f1ebd9a

SHA1
d98e435623a9c8033f5fffe7d435fdee49ac13a4

SHA256
ce1c72c2446270c95c45bb4f9b1987ab37e9a46dfe2663dc780d20081976f328

SHA512
87d485a0920a2039a26578e89907bcdc7a1a32aa2dd7292024602c976894a89a823a49b41829808afcef8a277fa61e13a712a663c7a93de3ea314d5f5496c9d8

Download Submit
/data/user/0/com.wofakiradesa.buvehu/[email protected]

Filesize
2.0MB

MD5
f2600a991c54a57cdefc97bd3ec30978

SHA1
b29ce9412b3d43eb3d1e7ea82c3b09d1bd44e3cc

SHA256
5e0d3db6e42bb0553edd569541c180f55c3e9af6f25943f09b7b41664d02d588

SHA512
690b5d335172aacca0f84d1a2517c474579b6ee6e66125bc013c0815ad07334b8f8646648e7448337970cc87f7fe3e6d7ae9deb209cd5ac4d81f33b266f00ff1

Download Submit