blackrock | a25bf4bdb2ed9872456af0057eb21ce31fd03d680d63a9da469519060b4814bc

Analysis

max time kernel
2074315s
max time network
158s
platform
android_x86
resource
android-x86-arm-20220823-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20220823-enlocale:en-usos:android-9-x86system
submitted
15-11-2022 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a25bf4bdb2ed9872456af0057eb21ce31fd03d680d63a9da469519060b4814bc.apk
Size

3.5MB
MD5

0d4a272052b87d098271ddfb6f4ea191
SHA1

c1b3db52e0aa1798b9193ea7f1a2c8d7747aeec8
SHA256

a25bf4bdb2ed9872456af0057eb21ce31fd03d680d63a9da469519060b4814bc
SHA512

b891f95ea0aee3b04ffd62714a17e5c9c25491a51934ab0642dfd5c7c8ead2558b3f29a37c0b2a45b45a19113a28cf1b2d47115d8b2a8cf00067d7daa5316deb
SSDEEP

98304:t91OL1lrWdyaMKcPr0clWlAP8r8VMZmARB9exM:t91OJlrWYf3lKAkroARB9exM

Score

10^/10

blackrock banker infostealer ransomware trojan

Malware Config

Signatures

BlackRock
BlackRock is an android banker based on Xerxes banking Trojan.
banker trojan infostealer blackrock

BlackRock payload 5 IoCs

Processes:

resource	yara_rule
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	family_blackrock
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	family_blackrock
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	family_blackrock
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	family_blackrock
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	family_blackrock

Makes use of the framework's Accessibility service. 1 IoCs

Processes:

artwork.differ.kitchen

description	ioc	process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	artwork.differ.kitchen

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps). 1 IoCs
banker

Processes:

artwork.differ.kitchen:cproc

description ioc process

Framework service call android.content.pm.IPackageManager.getInstalledApplications artwork.differ.kitchen:cproc
Acquires the wake lock. 1 IoCs

Processes:

artwork.differ.kitchen

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock artwork.differ.kitchen

description	ioc	process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	artwork.differ.kitchen:cproc

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	artwork.differ.kitchen

Loads dropped Dex/Jar 5 IoCs

Runs executable file dropped to the device during analysis.

Processes:

artwork.differ.kitchen/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/x86/wumso.odex --compiler-filter=quicken --class-loader-context=&artwork.differ.kitchen:cproc

ioc	pid	process
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	3985	artwork.differ.kitchen
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	4050	/system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/x86/wumso.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	3985	artwork.differ.kitchen
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	4125	artwork.differ.kitchen:cproc
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json	4125	artwork.differ.kitchen:cproc

Requests enabling of the accessibility settings. 1 IoCs

Processes:

artwork.differ.kitchen:cproc

description ioc process

Intent action android.settings.ACCESSIBILITY_SETTINGS artwork.differ.kitchen:cproc
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

artwork.differ.kitchen:cproc

description ioc process

Framework API call javax.crypto.Cipher.doFinal artwork.differ.kitchen:cproc

description	ioc	process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	artwork.differ.kitchen:cproc

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	artwork.differ.kitchen:cproc

artwork.differ.kitchen
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
PID:3985
- /system/bin/dex2oat --debuggable --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --debuggable --generate-mini-debug-info --dex-file=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json --output-vdex-fd=42 --oat-fd=43 --oat-location=/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/x86/wumso.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4050

artwork.differ.kitchen:cproc
1⤵
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses Crypto APIs (Might try to encrypt user data).
PID:4125

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/wumso.json.cur.prof

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/x86/wumso.odex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/oat/x86/wumso.vdex

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
697f9bc2aaa121bb62bd391658ca297b

SHA1
0877f5cf03074aa0bcf4ef08a1c1e49603d9d95e

SHA256
05e067405d0652cecbbd7efe627958de7e61b4bbaf925818acef58bfa4337336

SHA512
1533880d87096c1a8bd721cc87a3ec804b42e4e9244d3a6bb430e895b7b3eddbcf60e1dda6b50589700a7498eb3158f5d591e91b845d67e439f3f00e6149f923

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
477ff918c411653ea081fadffcf1b616

SHA1
22596bd0ac2add86520fe4c1baac0ec2d1883128

SHA256
8bd7dcc276bcd620054d13de928606eac85102bb32e1544eb3fae3a198adc71c

SHA512
56854f9ed86406f8dc3ce50adfae3824def1b0de95d0ff7b5b78e5cb0388f51a95d8df125340e8f58299c72f83a6d52a0c8c297d2fda241a5cb76b6a9e355ac2

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
477ff918c411653ea081fadffcf1b616

SHA1
22596bd0ac2add86520fe4c1baac0ec2d1883128

SHA256
8bd7dcc276bcd620054d13de928606eac85102bb32e1544eb3fae3a198adc71c

SHA512
56854f9ed86406f8dc3ce50adfae3824def1b0de95d0ff7b5b78e5cb0388f51a95d8df125340e8f58299c72f83a6d52a0c8c297d2fda241a5cb76b6a9e355ac2

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
477ff918c411653ea081fadffcf1b616

SHA1
22596bd0ac2add86520fe4c1baac0ec2d1883128

SHA256
8bd7dcc276bcd620054d13de928606eac85102bb32e1544eb3fae3a198adc71c

SHA512
56854f9ed86406f8dc3ce50adfae3824def1b0de95d0ff7b5b78e5cb0388f51a95d8df125340e8f58299c72f83a6d52a0c8c297d2fda241a5cb76b6a9e355ac2

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
477ff918c411653ea081fadffcf1b616

SHA1
22596bd0ac2add86520fe4c1baac0ec2d1883128

SHA256
8bd7dcc276bcd620054d13de928606eac85102bb32e1544eb3fae3a198adc71c

SHA512
56854f9ed86406f8dc3ce50adfae3824def1b0de95d0ff7b5b78e5cb0388f51a95d8df125340e8f58299c72f83a6d52a0c8c297d2fda241a5cb76b6a9e355ac2

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json

Filesize
454KB

MD5
477ff918c411653ea081fadffcf1b616

SHA1
22596bd0ac2add86520fe4c1baac0ec2d1883128

SHA256
8bd7dcc276bcd620054d13de928606eac85102bb32e1544eb3fae3a198adc71c

SHA512
56854f9ed86406f8dc3ce50adfae3824def1b0de95d0ff7b5b78e5cb0388f51a95d8df125340e8f58299c72f83a6d52a0c8c297d2fda241a5cb76b6a9e355ac2

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/artwork.differ.kitchen/app_DynamicOptDex/wumso.json.x86.flock

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit