ermac | 1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046

Analysis

max time kernel
3s
max time network
179s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
19/03/2025, 12:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046.apk
Size

1.6MB
MD5

276cd63100ccbb6444c38699c3a80269
SHA1

e5a7723ceb027b0b429c65104d4cc16fcec16731
SHA256

1e2950368a24eb74fbf4ae1fe070b009a3123e7821681a67058b92f03b058046
SHA512

5e1c586b139a264efd889d0b6e289272690dbfae2d66c1a7f9b6d73c0297f90c022d166313be60c7d44668802bdceb8f57cf65bc00c11c8e835602f1c4789f06
SSDEEP

24576:blkMBm5zFdKJy2zpSacoH0jDIaDsG/mD0NH4LKFPgIWRjKmxRGVImgS76:blkKOdczpScxaDsG/myHzdXWRjaV/gSO

Score

10^/10

ermac banker evasion infostealer trojan

Malware Config

Signatures

Ermac
An Android banking trojan first seen in July 2021.
banker trojan infostealer ermac
Ermac family
ermac

Ermac2 payload 1 IoCs

resource	yara_rule
behavioral3/memory/4782-0.dex	family_ermac2

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.wofakiradesa.buvehu/[email protected]	4782	com.wofakiradesa.buvehu
/data/user/0/com.wofakiradesa.buvehu/[email protected]	4782	com.wofakiradesa.buvehu

com.wofakiradesa.buvehu
1⤵
- Loads dropped Dex/Jar
PID:4782

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.wofakiradesa.buvehu/.google/libgooglev1.so

Filesize
326KB

MD5
609a5b818ea46513fe8dae39bc138727

SHA1
34458ea3b8537fca43efe8e3ff488ed9c83a56e6

SHA256
48f6991213387355b1a17e11124de4f0923944c3f2c4869e06fc96a742d9cd49

SHA512
9c06c480633d6449532f45c70d71866389a8d1ed6eb1cb9621a3a59d2542fe0a8cb911de92d148473d24af47f548a1321ddef09423cfe831a34c6cded20cd57f

Download Submit
/data/data/com.wofakiradesa.buvehu/oat/x86_64/[email protected]

Filesize
348B

MD5
2089c668ff4e49c7b204b78573bea47a

SHA1
ccc3f7e5ec33899ea87e2255ed23603b3aa6300d

SHA256
8002ddabefc64506ca72079899d736603c6a8ca4acc9b9187e8143e93e830665

SHA512
4f6c15e7e3da786e8e8277b4caa4bf1c517947fd2ff26617e0fc95ad5c6f6517887b7bd2bfa04e55b2eba9e788f8ca24b284f22a9117053d834e09cac4a7ba61

Download Submit
/data/user/0/com.wofakiradesa.buvehu/[email protected]

Filesize
2.0MB

MD5
f2600a991c54a57cdefc97bd3ec30978

SHA1
b29ce9412b3d43eb3d1e7ea82c3b09d1bd44e3cc

SHA256
5e0d3db6e42bb0553edd569541c180f55c3e9af6f25943f09b7b41664d02d588

SHA512
690b5d335172aacca0f84d1a2517c474579b6ee6e66125bc013c0815ad07334b8f8646648e7448337970cc87f7fe3e6d7ae9deb209cd5ac4d81f33b266f00ff1

Download Submit