Overview

overview

10

Static

static

7

c462c3e471...1d.apk

android-9-x86

10

c462c3e471...1d.apk

android-10-x64

10

c462c3e471...1d.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4066981s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    02-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d.apk

  • Size

    2.7MB

  • MD5

    4f4ba8f4f962b75f444459e930b2adab

  • SHA1

    07c39db5b89bef50e49b28fe36d006431f140fa5

  • SHA256

    c462c3e4715ba097fdf645932917aa907413a5ca538a468f790d2dde1e92fd1d

  • SHA512

    720ed536c2074016772192afb213fdd7cc90efff5ed2ed90d4407bd1ab4f8110f99129bbf7fb8db748bda28c96f37b258d0deacc3f46cf195232bf7d16e5cf43

  • SSDEEP

    49152:EoVtLfZvc4smZDYyg8aAgC1TyRkMCFHnrNBl5eILJOcGT49kfrJzsywKS+w:EoVtfZcxmZDmAlTy6bnrDl5HF8T44en

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5035

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
    Filesize

    675KB

    MD5

    f49e8a788e53b7e1e054248ab571c0b1

    SHA1

    f5a870ef0e19e332381c3c17bdc2a8333c86e733

    SHA256

    85e8aa0f6f3e5c386265aa4e7d381930102f05e25d2e64f34cc53ae77ef026cd

    SHA512

    0ff996ac719a0924e92dc38da15f71c1f995f82687e4dcd3a1c8786eee22f19f7083928a569d538f04500cb13112778cc5ae8e575b36048829c426ad7bcb6ea6

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
    Filesize

    675KB

    MD5

    95a42313a143c59ccd0a59e25b4c65f7

    SHA1

    48ce701e20e847a74ee6a82d7de330e0ec6a9a2f

    SHA256

    2e4884470436bc7d3d5f6e957ffcccd27575da27e32f4ea9548f50aa463910a9

    SHA512

    ab4f1efe0b4b1409a2062a4f8e9fc18146f33fb4b5d7a2c24f790fc9298894e9e3b42b0e4b4d105f53297ef19643be352892eb53a0279a807fab591434f4cbaa

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    63598172f740023de91139da62fec662

    SHA1

    be35758a57d58233dbc880ee499f121bd999269b

    SHA256

    2b9f1ab3c87a76c886d16dd04008602c9f6190c1cf533a136dff9e5f8802f86a

    SHA512

    a22f07b0473254bba7e69a25598b1d731ae7770d492848b77e91f17563613a694909e7d2dba15a69f1e0cb6bc7d85091dc5d5084dcb21c17129f5f24d26b9177

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    7d99810494a1701b629627f3f11711bc

    SHA1

    3ab599c0d474154e3f8d72e8734970a56139201f

    SHA256

    6ef6d32b9bbf9c5af9133a6b1b3de02821d12b17b5dee59380e1a0cab692fc79

    SHA512

    2ddc85d177b2398b2ae4121fc6e05081d39ac9384189bfa6b3177409b5ebee3fcdd6a1d5bf6f8f8b57442c14f4a027ad4846f3f4969238d2abe72f2b0743b53f

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    e506d694ba12d1fa6a60ac230d3d9575

    SHA1

    f8b59982b5622324daf0d77e2850f992a01c309a

    SHA256

    38b5f0724c633e3229ab2922c0e92eddefa79e76b65482f4645808fceec5de0e

    SHA512

    9fd8c07254e294a971ff658297640bdf3d44d26332a894dff82c97dcf8c2da19fb3a60d32387970270600f79f669e7394b2dee02683d5db048474cc87aa750a4

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    bfb84fe7ccaf0946e099184711966a88

    SHA1

    09b25aa13d5803d213e1dfdf223de8aa650ae9c6

    SHA256

    e85e64ba7438cd747c39de1b011c9d663b02678a6c5b467cfd272dd8704e4dbe

    SHA512

    7069889192deb6c78e80ccf204a84fcee0f22f7dcab44d154d6be20afdbda395d605e1a58eb39f8044fe800841bcb1049c43541b20d6fd88cde935ab21407816

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json
    Filesize

    1.5MB

    MD5

    bcced22f9ce50fbd79a55d02a81fc1be

    SHA1

    1f719a83fed54f6c79e05734b6b98e70310279e0

    SHA256

    eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3

    SHA512

    e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/ebFl.json]
    Filesize

    1.5MB

    MD5

    bcced22f9ce50fbd79a55d02a81fc1be

    SHA1

    1f719a83fed54f6c79e05734b6b98e70310279e0

    SHA256

    eda752974c1a92f0e49db42ba3862d4e9364ae21e8747597d2c248f8884b43d3

    SHA512

    e4822a57339a336f7486a2dd2ad1f5855703890d4f2f3c0de2b6eab5012d71328992a1b4ad7a414608d5a06cb5d266dfeb8448f3002829632ce5a02d3f9a4065

    Download Submit