blackrock | cb3bc74583a9db083753ad994ad7b99a26e584dcb12adc6efc8699dcefdc7051

Resubmissions

15/06/2021, 23:24

210615-csdph6r2wn 10

14/05/2021, 12:51

210514-gvbw3h83z2 1

Analysis

max time kernel
302012s
max time network
153s
platform
android_x64
resource
android-x64
submitted
15/06/2021, 23:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CB3BC74583A9DB083753AD994AD7B99A26E584DCB12ADC6EFC8699DCEFDC7051.apk
Size

3.7MB
MD5

d9a961119f96ed632a2542d97b3a0ae2
SHA1

2d7554949e2dce191a9b73c6096ce2dab3c4c2b7
SHA256

cb3bc74583a9db083753ad994ad7b99a26e584dcb12adc6efc8699dcefdc7051
SHA512

8fe65a58d7509b6fca96ca7e926c86b1558b2ae735439a131a8d977879d19048f1b55275dc083c9595f74ceeea8815f211e133652c09c74014872d04cbb22f43

Score

10^/10

blackrock banker infostealer obfuscation ransomware trojan

Malware Config

Signatures

BlackRock
BlackRock is an android banker based on Xerxes banking Trojan.
banker trojan infostealer blackrock

BlackRock Payload 5 IoCs

resource	yara_rule
behavioral1/files/3638-0.dat	family_blackrock
behavioral1/memory/3638-0.dex	family_blackrock
behavioral1/memory/3638-1.dex	family_blackrock
behavioral1/memory/3707-0.dex	family_blackrock
behavioral1/memory/3707-1.dex	family_blackrock

Loads dropped Dex/Jar 4 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3638	leg.tilt.rocket
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3638	leg.tilt.rocket
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3707	leg.tilt.rocket:cproc
/data/user/0/leg.tilt.rocket/app_DynamicOptDex/XH.json	3707	leg.tilt.rocket:cproc

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	leg.tilt.rocket:cproc

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	leg.tilt.rocket:cproc

Uses reflection 54 IoCs

obfuscation

description	pid	Process
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method android.content.res.AssetManager.addAssetPath	3638	leg.tilt.rocket
Invokes method android.app.ContextImpl.getAssets	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method android.content.res.AssetManager.open	3638	leg.tilt.rocket
Invokes method java.io.FilterInputStream.read	3638	leg.tilt.rocket
Invokes method java.io.FilterInputStream.read	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.read	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.close	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.lang.String.getBytes	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.FileOutputStream.write	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.BufferedInputStream.close	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.io.FilterOutputStream.close	3638	leg.tilt.rocket
Invokes method android.app.ActivityThread.currentActivityThread	3638	leg.tilt.rocket
Acesses field android.app.ActivityThread.mPackages	3638	leg.tilt.rocket
Invokes method java.lang.reflect.Field.get	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3638	leg.tilt.rocket
Invokes method java.lang.ref.Reference.get	3638	leg.tilt.rocket
Invokes method java.lang.ref.Reference.get	3638	leg.tilt.rocket
Acesses field android.app.LoadedApk.mClassLoader	3638	leg.tilt.rocket
Invokes method java.lang.reflect.Field.get	3638	leg.tilt.rocket
Acesses field android.app.LoadedApk.mClassLoader	3638	leg.tilt.rocket
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method android.content.res.AssetManager.addAssetPath	3707	leg.tilt.rocket:cproc
Invokes method android.app.ContextImpl.getAssets	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method android.content.res.AssetManager.open	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.read	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.close	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.lang.String.getBytes	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.FileOutputStream.write	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.BufferedInputStream.close	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.io.FilterOutputStream.close	3707	leg.tilt.rocket:cproc
Invokes method android.app.ActivityThread.currentActivityThread	3707	leg.tilt.rocket:cproc
Acesses field android.app.ActivityThread.mPackages	3707	leg.tilt.rocket:cproc
Invokes method java.lang.reflect.Field.get	3707	leg.tilt.rocket:cproc
Invokes method java.lang.Object.getClass	3707	leg.tilt.rocket:cproc
Invokes method java.lang.ref.Reference.get	3707	leg.tilt.rocket:cproc
Invokes method java.lang.ref.Reference.get	3707	leg.tilt.rocket:cproc
Acesses field android.app.LoadedApk.mClassLoader	3707	leg.tilt.rocket:cproc
Invokes method java.lang.reflect.Field.get	3707	leg.tilt.rocket:cproc
Acesses field android.app.LoadedApk.mClassLoader	3707	leg.tilt.rocket:cproc

leg.tilt.rocket
1⤵
- Loads dropped Dex/Jar
- Uses reflection
PID:3638

leg.tilt.rocket:cproc
1⤵
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
- Uses reflection
PID:3707

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads