blackrock | cb3bc74583a9db083753ad994ad7b99a26e584dcb12adc6efc8699dcefdc7051

General

Target

CB3BC74583A9DB083753AD994AD7B99A26E584DCB12ADC6EFC8699DCEFDC7051.apk
Size

3.7MB
MD5

d9a961119f96ed632a2542d97b3a0ae2
SHA1

2d7554949e2dce191a9b73c6096ce2dab3c4c2b7
SHA256

cb3bc74583a9db083753ad994ad7b99a26e584dcb12adc6efc8699dcefdc7051
SHA512

8fe65a58d7509b6fca96ca7e926c86b1558b2ae735439a131a8d977879d19048f1b55275dc083c9595f74ceeea8815f211e133652c09c74014872d04cbb22f43

Score

10^/10

blackrock banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

BlackRock
BlackRock is an android banker based on Xerxes banking Trojan.
banker trojan infostealer blackrock

BlackRock Payload 5 IoCs

Processes:

resource	yara_rule
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	family_blackrock
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	family_blackrock
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	family_blackrock
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	family_blackrock
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	family_blackrock

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

Processes:

leg.tilt.rocketleg.tilt.rocket:cproc

ioc	pid	process
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3638	leg.tilt.rocket
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3638	leg.tilt.rocket
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3707	leg.tilt.rocket:cproc
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3707	leg.tilt.rocket:cproc

Requests enabling of the accessibility settings. 1 IoCs

Processes:

leg.tilt.rocket:cproc

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS leg.tilt.rocket:cproc
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

leg.tilt.rocket:cproc

description ioc process

Framework API call javax.crypto.Cipher.doFinal leg.tilt.rocket:cproc

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	leg.tilt.rocket:cproc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	leg.tilt.rocket:cproc

Uses reflection 54 IoCs

obfuscation

Processes:

leg.tilt.rocketleg.tilt.rocket:cproc

description	pid	process
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method android.content.res.AssetManager.addAssetPath	3638	leg.tilt.rocket
Invokes method android.app.ContextImpl.getAssets	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method android.content.res.AssetManager.open	3638	leg.tilt.rocket
Invokes method java.io.FilterInputStream.read	3638	leg.tilt.rocket
Invokes method java.io.FilterInputStream.read	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.read	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.close	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.lang.String.getBytes	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.FileOutputStream.write	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.close	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.FilterOutputStream.close	3638	leg.tilt.rocket
Invokes method android.app.ActivityThread.currentActivityThread	3638	leg.tilt.rocket
Acesses field android.app.ActivityThread.mPackages	3638	leg.tilt.rocket
Invokes method java.lang.reflect.Field.get	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.lang.ref.Reference.get	3638	leg.tilt.rocket
Invokes method java.lang.ref.Reference.get	3638	leg.tilt.rocket
Acesses field android.app.LoadedApk.mClassLoader	3638	leg.tilt.rocket
Invokes method java.lang.reflect.Field.get	3638	leg.tilt.rocket
Acesses field android.app.LoadedApk.mClassLoader	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method android.content.res.AssetManager.addAssetPath	3707	leg.tilt.rocket:cproc
Invokes method android.app.ContextImpl.getAssets	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method android.content.res.AssetManager.open	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.close	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.lang.String.getBytes	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.FileOutputStream.write	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.close	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterOutputStream.close	3707	leg.tilt.rocket:cproc
Invokes method android.app.ActivityThread.currentActivityThread	3707	leg.tilt.rocket:cproc
Acesses field android.app.ActivityThread.mPackages	3707	leg.tilt.rocket:cproc
Invokes method java.lang.reflect.Field.get	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.lang.ref.Reference.get	3707	leg.tilt.rocket:cproc
Invokes method java.lang.ref.Reference.get	3707	leg.tilt.rocket:cproc
Acesses field android.app.LoadedApk.mClassLoader	3707	leg.tilt.rocket:cproc
Invokes method java.lang.reflect.Field.get	3707	leg.tilt.rocket:cproc
Acesses field android.app.LoadedApk.mClassLoader	3707	leg.tilt.rocket:cproc

leg.tilt.rocket
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3638

leg.tilt.rocket:cproc
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3707

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json

MD5
1a53468638f41a1c2d0069df97f753a8

SHA1
6ee8c064d739e3da24a0b7b9dcbac2fc09b02264

SHA256
e6ff30ff80c63d0c0fcc343fe0dad08db1138f247cb0edf227dadc55cfc66441

SHA512
2d0a0c51bada6fd1f83aa37c34556b9edda12ac1591507a1eba819376b7d630c11666ce3c95258f52747f5120b03fffbaee5def10602c77d2626898412e019a6

Download Submit
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json

MD5
1a53468638f41a1c2d0069df97f753a8

SHA1
6ee8c064d739e3da24a0b7b9dcbac2fc09b02264

SHA256
e6ff30ff80c63d0c0fcc343fe0dad08db1138f247cb0edf227dadc55cfc66441

SHA512
2d0a0c51bada6fd1f83aa37c34556b9edda12ac1591507a1eba819376b7d630c11666ce3c95258f52747f5120b03fffbaee5def10602c77d2626898412e019a6

Download Submit
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json

MD5
1a53468638f41a1c2d0069df97f753a8

SHA1
6ee8c064d739e3da24a0b7b9dcbac2fc09b02264

SHA256
e6ff30ff80c63d0c0fcc343fe0dad08db1138f247cb0edf227dadc55cfc66441

SHA512
2d0a0c51bada6fd1f83aa37c34556b9edda12ac1591507a1eba819376b7d630c11666ce3c95258f52747f5120b03fffbaee5def10602c77d2626898412e019a6

Download Submit
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json

MD5
1a53468638f41a1c2d0069df97f753a8

SHA1
6ee8c064d739e3da24a0b7b9dcbac2fc09b02264

SHA256
e6ff30ff80c63d0c0fcc343fe0dad08db1138f247cb0edf227dadc55cfc66441

SHA512
2d0a0c51bada6fd1f83aa37c34556b9edda12ac1591507a1eba819376b7d630c11666ce3c95258f52747f5120b03fffbaee5def10602c77d2626898412e019a6

Download Submit
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json

MD5
1a53468638f41a1c2d0069df97f753a8

SHA1
6ee8c064d739e3da24a0b7b9dcbac2fc09b02264

SHA256
e6ff30ff80c63d0c0fcc343fe0dad08db1138f247cb0edf227dadc55cfc66441

SHA512
2d0a0c51bada6fd1f83aa37c34556b9edda12ac1591507a1eba819376b7d630c11666ce3c95258f52747f5120b03fffbaee5def10602c77d2626898412e019a6

Download Submit
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/oat/XH.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads