Overview

overview

10

Static

static

7

a520776bfe...ce.apk

android-9-x86

10

a520776bfe...ce.apk

android-10-x64

10

a520776bfe...ce.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Resubmissions

11-10-2023 14:52

231011-r8rewsec7t 10

02-10-2023 22:00

231002-1w26asgf88 10

Analysis

  • max time kernel
    4067037s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    02-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce.apk

  • Size

    2.7MB

  • MD5

    de425288564e500a76a3e6cb7d00b451

  • SHA1

    dadea7112c2d89b4a9846cbc75fcba7e37df7953

  • SHA256

    a520776bfea89d266ce1609fc5ca3d52e38ae282b5b0cc35455478b3f7f933ce

  • SHA512

    d206d73d1a4cd627402574acd686a6692263c2fd2aebae744d064d8f1cfcfea298ed68f31fccb772ad244f88a5431fed3b6cf1ac0fac48d8c1616002e7f5e8e1

  • SSDEEP

    49152:UzTnQSQG66mqg8cZgzhTytYQCFHnrN1lue8Iwex0GQl6fr9iHDS:UzTnV66uZyTyinnrfluNFemIfJiHG

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 3 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 3 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4699

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/xPd.json.cur.prof
    Filesize

    3KB

    MD5

    5713abf8a693809043624ae7940eef74

    SHA1

    84d4dffb5f24df13708058c65f60d31ab84db471

    SHA256

    fb600b82486a34eea68a5fd406e98999dbad0d35f2beb19e6b15b287079e74c9

    SHA512

    add72257e2ee67da0cf492daaebeaaf5115c5f6e15486ec1fada0bb1f965922c9e81453e23451794ea2fb584582a8a59982cd12fe5d2e5a211288eddf5409f07

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    675KB

    MD5

    0d7011aae5c495eb21bc14fb36274b37

    SHA1

    1688ae0e296fb51bd5e2e1e5e6d69f485dd595d9

    SHA256

    ec05193f495dbd4e80fe15ef83aff93ca43d57acdb397470c74c983d80898ffd

    SHA512

    16707e9e653b1c49969371a7a7cd66e1a052ea7aa6408ade08956356fef143c83f07987d43bbe5355f77aff826e1d38f2a66c7c4b43b4344f84e526e0bbabf9c

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    675KB

    MD5

    76da66ec311b117dd6dc9847d23c2306

    SHA1

    1d22fa205027f21d2f528ef32e377d6c20a15bbb

    SHA256

    9c2a5fb6388857a4e5dcf1c509cfada357b3fd0c41df04745aeeb9895d4b8f85

    SHA512

    73a4284dc624cfb28e5e0994a2560f0cbab95c7e9cb3ceeccb9b1c5ddbb000a0f59265b2b4a0e48a2e9e57a6d531feb98ea3b4a92a2c4d815ba2135e0a16ce78

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json
    Filesize

    1.5MB

    MD5

    ad90592ba1bd967fb65ef9eb4cbcb6e1

    SHA1

    a12ca9423455034bca28396a4067783e33818c55

    SHA256

    baec4072b1157a3179e6a3d144caedc96cd6afeebaa27da6a0444ce3d41c0908

    SHA512

    d19c6c46b2161eb4614c7b48ad1cb008bab1dac18d19dcfa535cbb670b8badf64c6eb37105624b6bf868084d5a47ff83670fe3dc69e075e6b75dce857fe307fc

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    4aa67784eb6527d80840ad41f9370f5e

    SHA1

    3e4986c76e8a412301b329bb741d5578711f33e6

    SHA256

    faa11a83b615e4033e65032878add45d9c9bc7c219ca8bbc7c04a8e3504e6995

    SHA512

    ef468bd1d4793e789d14405c862e4573b0fba706594ce6f8578cc787a917989b9a4a4a2f2fad90fdb3664876f612bd49a245b5facc7780694c5e4ace3e5ca637

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    188aaedbed6e94c79cc5830060313ed8

    SHA1

    320841a6ccb595118273db7aed61925def7d04c3

    SHA256

    7219ca29a68058c0c0208f5dc87fe58303829276f2b46dd115adf1dafa6da92e

    SHA512

    8dbe0c57a06d2ff933c777c173bd3ebba6eba12b774d428f4ec6b315b09622c2cac7a35f9e75b784a101a3a6ee9669058d3f4b28ad5ee6d5945ed2c078bc1276

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    703cd2c5657324efe4bcc57e2fb78c2e

    SHA1

    0bac39f98dbc0f771e8afd00e2121743f9db88c3

    SHA256

    d1e91cd12a4f61412a33349b9254273825246e5eae4288c294424380e77f4519

    SHA512

    5a8875f3165bd6a67df13717504bde5362d932796951e96a09aed83ae14fadda7fb31cd3d225115da1eb170a7fe791b123f572d5def9dda6c0564c9af0ab554f

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    600c9d222f713dc0854db1310cf19624

    SHA1

    b5683e269a83e234af3ce437920fc4ebe1a19ccd

    SHA256

    b75861b4b93643a456ae9b86db02a7c345181a09d617e607b1327898dfeb4195

    SHA512

    43fd112fc4b51afc2b040561d8e5d6715493c2c16bd9d7b8e7726b71d3a496d6b882445abf7360f0bf738e8e64f7d4b206c562dad4cb5d7961bfe2c3ab1be35b

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json]
    Filesize

    1.5MB

    MD5

    ad90592ba1bd967fb65ef9eb4cbcb6e1

    SHA1

    a12ca9423455034bca28396a4067783e33818c55

    SHA256

    baec4072b1157a3179e6a3d144caedc96cd6afeebaa27da6a0444ce3d41c0908

    SHA512

    d19c6c46b2161eb4614c7b48ad1cb008bab1dac18d19dcfa535cbb670b8badf64c6eb37105624b6bf868084d5a47ff83670fe3dc69e075e6b75dce857fe307fc

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/xPd.json]
    Filesize

    1.5MB

    MD5

    ad90592ba1bd967fb65ef9eb4cbcb6e1

    SHA1

    a12ca9423455034bca28396a4067783e33818c55

    SHA256

    baec4072b1157a3179e6a3d144caedc96cd6afeebaa27da6a0444ce3d41c0908

    SHA512

    d19c6c46b2161eb4614c7b48ad1cb008bab1dac18d19dcfa535cbb670b8badf64c6eb37105624b6bf868084d5a47ff83670fe3dc69e075e6b75dce857fe307fc

    Download Submit