Overview

overview

10

Static

static

7

a520776bfe...ce.apk

android-9-x86

10

a520776bfe...ce.apk

android-10-x64

10

a520776bfe...ce.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Resubmissions

11-10-2023 14:52

231011-r8rewsec7t 10

02-10-2023 22:00

231002-1w26asgf88 10

Analysis

  • max time kernel
    4066969s
  • max time network
    152s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    02-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce.apk

  • Size

    2.7MB

  • MD5

    de425288564e500a76a3e6cb7d00b451

  • SHA1

    dadea7112c2d89b4a9846cbc75fcba7e37df7953

  • SHA256

    a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce

  • SHA512

    d206d73d1a4cd627402574acd686a6692263c2fd2aebae744d064d8f1cfcfea298ed68f31fccb772ad244f88a5431fed3b6cf1ac0fac48d8c1616002e7f5e8e1

  • SSDEEP

    49152:UzTnQSQG66mqg8cZgzhTytYQCFHnrN1lue8Iwex0GQl6fr9iHDS:UzTnV66uZyTyinnrfluNFemIfJiHG

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4185
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/x86/xPd.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    675KB

    MD5

    0d7011aae5c495eb21bc14fb36274b37

    SHA1

    1688ae0e296fb51bd5e2e1e5e6d69f485dd595d9

    SHA256

    ec05193f495dbd4e80fe15ef83aff93ca43d57acdb397470c74c983d80898ffd

    SHA512

    16707e9e653b1c49969371a7a7cd66e1a052ea7aa6408ade08956356fef143c83f07987d43bbe5355f77aff826e1d38f2a66c7c4b43b4344f84e526e0bbabf9c

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    675KB

    MD5

    76da66ec311b117dd6dc9847d23c2306

    SHA1

    1d22fa205027f21d2f528ef32e377d6c20a15bbb

    SHA256

    9c2a5fb6388857a4e5dcf1c509cfada357b3fd0c41df04745aeeb9895d4b8f85

    SHA512

    73a4284dc624cfb28e5e0994a2560f0cbab95c7e9cb3ceeccb9b1c5ddbb000a0f59265b2b4a0e48a2e9e57a6d531feb98ea3b4a92a2c4d815ba2135e0a16ce78

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    99fa962f34272ff3f6a119065fe202cb

    SHA1

    2e4b9fe77557989e9cad2ec37381377fe89f1028

    SHA256

    274db85abcf810856efcdd4009483c4c99d01811e1a02b7da7b238eaf7c71ff9

    SHA512

    c7a7037d205ac5e741ca3fbe41c4661b9ea6557480217fd8286f0fe3ebf474b94d4ed7dbce6bf6f9746f4b91c52900fdf510fbcefa73968db4f01b9216b508d5

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    0cefad73cd498922f97ef27a9211c0b7

    SHA1

    0c5f722eab3bc1f1011382757648a5a596c27a1d

    SHA256

    5b98be0f48715a0aca88e7dba04d22543c067078a64c3b1fdb5974e8732c002d

    SHA512

    04464add94c0845f1ce623cb507d2bc9b35aece3c1bf9f8c57f7116d5b4ffef4062007ede08c0032846e6068beea9924df050a26183a3c2cbe860bc8f996f54e

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    70f6864341cf731fbde25bcb14e36705

    SHA1

    b88281e9c79210b7b0ad9eaa65e6ae897902c373

    SHA256

    b153e5c77f93c9636e7ef5a28b3e72db5306e12605997c7797c8482d7eb43174

    SHA512

    e273c201eb9e8a883edd816e09ab24aacad9bb21c849d057118a3fe9faddc7988b0332be54657ff0127fea444319e2d1d8652ac55117b6870d5208bc9d60d5e6

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    9488568b3a95bcbca30a63630d2ddd5f

    SHA1

    0d25458a1bfc4a75d0502540ca96762b7793bfad

    SHA256

    248ae4162fe0ebc247b5e9d3d9b00730c0db1368ad7bdc7d9fe9baad683e58f8

    SHA512

    5a8c49286fbe0cb1b1963a479cde1e3e4b9ca5d47105334ff7e21d72ca4f124f670a00f478c3f120feb738dbab47a79b7ee6e0b2b9d494d3493a0fff0aac7ded

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    1.5MB

    MD5

    e6f1ae1b0e9a30aa3a200142741c7d9d

    SHA1

    71e0d603729cf270dfb72d42ca437652e593b46d

    SHA256

    0857ce896a6aedeec362983d8b0125abe77966b27e73f1bd310e178342af47e5

    SHA512

    cd43c207150955543c0cedded0f4a3562cefd2fa6901f2861218a358d9c04326de7bca08000f1e518b3eadc5ebf9b028bce64d4357a788ee9f11b4812a09e4bd

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    1.5MB

    MD5

    ad90592ba1bd967fb65ef9eb4cbcb6e1

    SHA1

    a12ca9423455034bca28396a4067783e33818c55

    SHA256

    baec4072b1157a3179e6a3d144caedc96cd6afeebaa27da6a0444ce3d41c0908

    SHA512

    d19c6c46b2161eb4614c7b48ad1cb008bab1dac18d19dcfa535cbb670b8badf64c6eb37105624b6bf868084d5a47ff83670fe3dc69e075e6b75dce857fe307fc

    Download Submit