Overview

overview

10

Static

static

7

b3ee8c90d9...f2.apk

android-9-x86

10

b3ee8c90d9...f2.apk

android-10-x64

10

b3ee8c90d9...f2.apk

android-11-x64

10

cupcake.xml

windows7-x64

1

cupcake.xml

windows10-2004-x64

3

default_paper_1.xml

windows7-x64

1

default_paper_1.xml

windows10-2004-x64

3

default_paper_2.xml

windows7-x64

1

default_paper_2.xml

windows10-2004-x64

3

default_paper_3.xml

windows7-x64

1

default_paper_3.xml

windows10-2004-x64

3

default_sh...le.xml

windows7-x64

1

default_sh...le.xml

windows10-2004-x64

3

default_sh...rt.xml

windows7-x64

1

default_sh...rt.xml

windows10-2004-x64

3

default_sh...mb.xml

windows7-x64

1

default_sh...mb.xml

windows10-2004-x64

3

default_sh...re.xml

windows7-x64

1

default_sh...re.xml

windows10-2004-x64

3

default_sh...ar.xml

windows7-x64

1

default_sh...ar.xml

windows10-2004-x64

3

default_sh..._2.xml

windows7-x64

1

default_sh..._2.xml

windows10-2004-x64

3

default_sh...le.xml

windows7-x64

1

default_sh...le.xml

windows10-2004-x64

3

default_shape_x.xml

windows7-x64

1

default_shape_x.xml

windows10-2004-x64

3

diamond.xml

windows7-x64

1

diamond.xml

windows10-2004-x64

3

drops.xml

windows7-x64

1

drops.xml

windows10-2004-x64

3

elephant.xml

windows7-x64

1

Analysis

  • max time kernel
    1687394s
  • max time network
    46s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230621-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230621-enlocale:en-usos:android-11-x64system
  • submitted
    17/07/2023, 15:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b3ee8c90d9038c94565785ba2eeca0362de853a6324e3c93736a22eba09b50f2.apk

  • Size

    2.8MB

  • MD5

    c909a9df9dc4c6508eb4cf7c68aa5293

  • SHA1

    0adf0df2c56c8b76b27abde0e73d18bede6c8274

  • SHA256

    b3ee8c90d9038c94565785ba2eeca0362de853a6324e3c93736a22eba09b50f2

  • SHA512

    782e63f86e8662230dc3f22bc872ed54a8a4e8284f965c869831bf14ee2ce0dfb83a473031b4bd9579e205928211498c75e06182063fcf8c26ce6b254b16831f

  • SSDEEP

    49152:LTMV/hemABwhkqfbDU0g8fYz5mgzMTym95CFHnrNUlgocZFWy3ACdv3IFoBQ/g:LTk/zRbDU8Yz5mXTyuynrWl/cZco52Fe

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.dohisoyumokexisi.jufosiji
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4412

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json
          Filesize

          674KB

          MD5

          175bb924fc9f89f16a75772a8d9f152b

          SHA1

          04b1a438617f073751cf5347e3cb0ee95dcff32d

          SHA256

          3fabd4daed04836e54116b2d44af9027e32c3d5b7a1075d2399e9a5ba3bf269c

          SHA512

          8aa3c3e74c6a2a2f0d739e7896157ebd62c79bf4513435b9ed666bc3b5a08757869fb0594d9ad685f6b40e4721a0c931674c6900768410e172322d332d48ace6

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json
          Filesize

          1.5MB

          MD5

          e0eaeebcf53c831477bc5cd6b908822a

          SHA1

          3ea42012ab8fdac61426eb494a51f755a6d331d0

          SHA256

          84765b800ce4182b581719ad1fb35afdea8e0dc20f47b025a5df78837a91fbb6

          SHA512

          626605b9d3a5e7dcf3b582cd56aec18a99d7beb23df99323de9924b7ad86b442ce9d8213710a54fbb47ad965e1caa09c7bed7b704a531154450187f590d0c98d

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/GPUCache/index
          Filesize

          48B

          MD5

          6d7d499960179766cd4261d12dacc411

          SHA1

          e6f8553b0015e12b23cc551afe98763f3b1c9bed

          SHA256

          c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

          SHA512

          6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/GPUCache/index-dir/temp-index
          Filesize

          96B

          MD5

          077e4e1fbd295bb56c6d798634f4f1a5

          SHA1

          d41e18f459b9b50aaaddc4d8d5cc2913b68adef4

          SHA256

          7bcc40d9972b0d94939ccf626c787897fc9666a53cd150bbcc44f0b7f067e01a

          SHA512

          38c427a9777f775efbdb9567299cd000d2bd66e858bb3da09c699cc91b21d3a7b94ea0d5714989b2321db67ea088c2c321e2523e5f498ff3c7454fa1fa5b1e5f

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/000001.dbtmp
          Filesize

          16B

          MD5

          46295cac801e5d4857d09837238a6394

          SHA1

          44e0fa1b517dbf802b18faf0785eeea6ac51594b

          SHA256

          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

          SHA512

          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/000003.log
          Filesize

          61B

          MD5

          9f7eadc15e13d0608b4e4d590499ae2e

          SHA1

          afb27f5c20b117031328e12dd3111a7681ff8db5

          SHA256

          5c3a5b578ab9fe853ead7040bc161929ea4f6902073ba2b8bb84487622b98923

          SHA512

          88455784c705f565c70fa0a549c54e2492976e14643e9dd0a8e58c560d003914313df483f096bd33ec718aeec7667b8de063a73627aa3436ba6e7e562e565b3f

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/LOG
          Filesize

          141B

          MD5

          811b2928e8ef9783f87fe55b0bf40916

          SHA1

          d6046fd9e1ae2c1d2d0aeaf0b20006953aa78ba3

          SHA256

          3e21577655188617939c2c96e9fd4b45171544b65873babdb7ecbbaea2593fb2

          SHA512

          b438d56b6a1745fbdd1e3f576d9eb758e02ac16cd7f50f8c5f69dd0c95f0cf7108d4e608da3732901e96b9ce18c8ddfbcb614669481543fe3fe0def5e3afd9b6

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Session Storage/MANIFEST-000001
          Filesize

          41B

          MD5

          5af87dfd673ba2115e2fcf5cfdb727ab

          SHA1

          d5b5bbf396dc291274584ef71f444f420b6056f1

          SHA256

          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

          SHA512

          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Web Data
          Filesize

          120KB

          MD5

          a48cd9324b1f8754b07f00d863b840f3

          SHA1

          11c6614775b35a58f440971dfc87c8aaac6d6173

          SHA256

          8859a216183793485d4699bf69d7ed96904679834188d07b9a70424d47eb1420

          SHA512

          35fa712f0af4a5eeed7e00e4e59ed5027dc6609d268462fe79d92043be9ae0c5961ce9e1d2f64b1a196c9b6aa6242b8b83817b3ee4c1058596c58a99c45478b1

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/Default/Web Data-journal
          Filesize

          2KB

          MD5

          ecb930e6888dfc96bebd411412173e69

          SHA1

          f787b51e0c94d942a8fc6e279337e20c075a627c

          SHA256

          3e1bf6efac355ecc33050be4f653e9080fad52fbdee89b4b59e824549a17d302

          SHA512

          cd94909e2204b95a370955a47e1b9b1cbf8b3ccbac44756a7f04b46fd265dacd4b90e90ff09de22bf5c01f8ba7e042f72f30e6ae0fe970d399eda35f3d4ef117

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/app_webview/webview_data.lock
          Filesize

          35B

          MD5

          641a2ef3dd79a60f6d4946975beefffe

          SHA1

          1043811e2be5b4da99dbd17f43c9a39eac4c4632

          SHA256

          68ac4015a4f11152aa24905766de0473248d4f7cb3050d3e1c3e4c522485d283

          SHA512

          4ab6abd0f95870e479d7199123e4d98849623eaa061cfa1141bb45c44f711ed8341412ab3aa751d2d5c52afefdb299a409fbb3df63e6dbcbd0669d9ef6e1d8e3

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Crashpad/settings.dat
          Filesize

          40B

          MD5

          cb7d3dd605ba81041e04cf363ba0728b

          SHA1

          d4c1c2abe1ceb9e47553326ba31e92373be053d3

          SHA256

          af53da8a9da9f35eea830e982c56c2696b90084ff5e100a44ff1e76932af9790

          SHA512

          2f75d9e8779e8c8ad20597c062df15e6619d35626d30ebd007ff2022afc7ffe6a7d3255fddf0e37d74f2989d912108b7f19f565e4cbf7c1d182e19e7f258feb9

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/js/index
          Filesize

          48B

          MD5

          6d7d499960179766cd4261d12dacc411

          SHA1

          e6f8553b0015e12b23cc551afe98763f3b1c9bed

          SHA256

          c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

          SHA512

          6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/js/index-dir/temp-index
          Filesize

          96B

          MD5

          c925a915af52f972511a1f6aad1c217d

          SHA1

          f1de01dc69c2b3c557a17dcbc184cf769739d4f0

          SHA256

          0777e6c171a02788c4c78d6abc85254ce1f0919054ba80a45371250d10545559

          SHA512

          61a0a40ff6248eeeb83970d3abb3f6151fba4734ef2da1649aed6cf06bf1a728315724bab0f97ec162a09099503755a6f2c8a8a8f1c8baa0b3492d9034068898

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index
          Filesize

          48B

          MD5

          6d7d499960179766cd4261d12dacc411

          SHA1

          e6f8553b0015e12b23cc551afe98763f3b1c9bed

          SHA256

          c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

          SHA512

          6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/Default/HTTP Cache/Code Cache/wasm/index-dir/temp-index
          Filesize

          96B

          MD5

          33b2372851f07e7ee78929b38c8680c7

          SHA1

          0713a5920cf2ceb166eb41310774f0af993a330a

          SHA256

          03dea3101bcc64036f0415747753c0ee4418972ed7c06f23c778e9e8a1b3f404

          SHA512

          f178f6c86170e69b5891680656b6441a68525bde8b61298732d94392dbb4b14df39b775356e9d5557853c3b8f7d8f219bc03aa422fb349cb068d97a3042f385d

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/cache/WebView/font_unique_name_table.pb
          Filesize

          57KB

          MD5

          f080fa2a56ab5479d58063e5ea871447

          SHA1

          4b3fd57a98916fa5784305b76ba30af26b5253d9

          SHA256

          0aa374bc456330fd1b5daf18d25b4bb8e2df1998dfa85466f2c31843ff56e815

          SHA512

          8aee3186a95b389d39882620b7c4199a29aa50580aa98a381b2931a934de6406943c89d4d00ebeabff21e2b03b4a4adcc01e37e32a2335c4838be24bdbf61936

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb
          Filesize

          8KB

          MD5

          e579a6b00eef1318f9166352228eba18

          SHA1

          76988896854f0139083e77862eea1a4846cf039f

          SHA256

          4b34cf505050facf47aa7936e4e7667e1969105665c632b3eefe7ecddf9a6935

          SHA512

          c47632e957d87727bf6504a82ca7a44d8da24d30cd997a0f449a96e4f97c656a1b4d9da3fcd827e2a48c59677688da0b872358ebd0f9369d898d1b8ec18d5699

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-journal
          Filesize

          1KB

          MD5

          f797dab0a225799944e6370dd4270068

          SHA1

          2ad61d4749ce1cda39854af0adb8f5757b9f2184

          SHA256

          25482845eb43990f077b26a54c5155cb92da61341475c75fca687486d1cb4fe4

          SHA512

          3429c623fc50e8de254398b9b5f7f2c4985b296233d2d1f5977ca8e0b0814a18f2060003981e1561e0ee3d9421720a170bf932b3e99ee711523437c42c638280

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-shm
          Filesize

          16B

          MD5

          4ae71336e44bf9bf79d2752e234818a5

          SHA1

          e129f27c5103bc5cc44bcdf0a15e160d445066ff

          SHA256

          374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

          SHA512

          0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/no_backup/androidx.work.workdb-wal
          Filesize

          346KB

          MD5

          30210da0e76fd9c8312cb6154e02e80e

          SHA1

          9daef30e3986ea7f95439170a68c0e07be59c7c2

          SHA256

          bc3576bde144fac5f7dae7c94e723e22a481f8831d89f2b4f132daf8ac792519

          SHA512

          df6538ba256081785d468bf412b523c578f70952fe0fab7cb50b13a3f3972b32dc12173a34d9fb2f9f39cd56c93db49e64408372f7bb467fcb0baa99c9868edb

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/shared_prefs/WebViewChromiumPrefs.xml
          Filesize

          127B

          MD5

          97ccd9a2b2063143df56b6937f961ca4

          SHA1

          5e78a91ae5df289ce83443cb7d5589dd3504fb5d

          SHA256

          248ff7928128015b1cfe3e6517c8f9b8c9511bfb8c8baf44fc1370640eac61fd

          SHA512

          86c05a5bb3d7eedea390664796966e9e5a5bf846c85808da54407788a76b3ee25b91428242a1e76d8765bfe51e1ba3636617fbab6e7dbb39fcc433e07c3fcd3b

          Download Submit

        • /data/user/0/com.dohisoyumokexisi.jufosiji/shared_prefs/settings.xml
          Filesize

          142B

          MD5

          dcee2cc3108e94c1890b06a34f633fff

          SHA1

          290fe998986d6cb565433cfd5e6e8b99dbcaf82e

          SHA256

          19526b94fc37ff19b7df0e19bdc7dbe960b96186f683654a5a74b964d712e488

          SHA512

          43074288dd10ac080cb89e08dcff115d879275444399f688ce41ecf4c751fc4f4c4a3cc095a5f6a5903ef1cd11dbad2b1d94aa9e59afd9baed9d25e861a2fac9

          Download Submit

        • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.dohisoyumokexisi.jufosiji/app_DynamicOptDex/xCB.json]
          Filesize

          1.5MB

          MD5

          e0eaeebcf53c831477bc5cd6b908822a

          SHA1

          3ea42012ab8fdac61426eb494a51f755a6d331d0

          SHA256

          84765b800ce4182b581719ad1fb35afdea8e0dc20f47b025a5df78837a91fbb6

          SHA512

          626605b9d3a5e7dcf3b582cd56aec18a99d7beb23df99323de9924b7ad86b442ce9d8213710a54fbb47ad965e1caa09c7bed7b704a531154450187f590d0c98d

          Download Submit