Analysis
- max time kernel: 4067098s
- max time network: 148s
- platform: android_x86
- resource: android-x86-arm-20230831-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20230831-en, locale:en-us, os:android-9-x86, system
- submitted: 02-10-2023 22:00
Static task: static1

Behavioral task: behavioral1
- Sample: c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.apk
- Resource: android-x86-arm-20230831-en

Behavioral task: behavioral2
- Sample: c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.apk
- Resource: android-x64-20230831-en

Behavioral task: behavioral3
- Sample: c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.apk
- Resource: android-x64-arm64-20230831-en

Behavioral task: behavioral4
- Sample: template.js
- Resource: win7-20230831-en

Behavioral task: behavioral5
- Sample: template.js
- Resource: win10v2004-20230915-en
General
- Target: c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.apk
- Size: 2.7MB
- MD5: 4f4ba8f4f962b75f444459e930b2adab
- SHA1: 07c39db5b89bef50e49b28fe36d006431f140fa5
- SHA256: c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d
- SHA512: 720ed536c2074016772192afb213fdd7cc90efff5ed2ed90d4407bd1ab4f8110f99129bbf7fb8db748bda28c96f37b258d0deacc3f46cf195232bf7d16e5cf43
- SSDEEP: 49152:EoVtLfZvc4smZDYyg8aAgC1TyRkMCFHnrNBl5eILJOcGT49kfrJzsywKS+w:EoVtfZcxmZDmAlTy6bnrDl5HF8T44en
Malware Config
- Extracted: ermac
- Extracted: hook
Signatures

Ermac
An Android banking trojan first seen in July 2021.

Ermac2 payload (2 IoCs)
resource | yara_rule
behavioral1/memory/4190-0.dex | family_ermac2
behavioral1/memory/4153-0.dex | family_ermac2

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.

Makes use of the framework's Accessibility service. (3 IoCs)
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.bulosinehipibe.zusu
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.bulosinehipibe.zusu
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.bulosinehipibe.zusu

Acquires the wake lock. (1 IoC)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.bulosinehipibe.zusu

Loads dropped Dex/Jar (2 IoCs)
Runs an executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | 4190 | /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/x86/ebFl.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json | 4153 | com.bulosinehipibe.zusu

Reads information about phone network operator.

Removes a system notification. (1 IoC)
description | ioc | Process
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | com.bulosinehipibe.zusu

Uses Crypto APIs (might try to encrypt user data). (1 IoC)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.bulosinehipibe.zusu
Processes

com.bulosinehipibe.zusu (PID 4153)
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (might try to encrypt user data).
  Child process: /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/x86/ebFl.odex --compiler-filter=quicken --class-loader-context=& (PID 4190)
  - Loads dropped Dex/Jar
Network
MITRE ATT&CK Matrix
Downloads