Overview

overview

10

Static

static

7

facdbaa405...19.apk

android-9-x86

10

facdbaa405...19.apk

android-10-x64

10

facdbaa405...19.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4066979s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    02-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219.apk

  • Size

    2.7MB

  • MD5

    1510d4516b4944f2996fe5e6f71bb117

  • SHA1

    460e5b76846ba3d4e1d218ee06469704f7fdb9be

  • SHA256

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219

  • SHA512

    688852286998996b8c8e1ed010eaf1690d177c122a9f4748226c5d2d8a7f9c9a80e1db4728db1a5f44ca3c8a713397891a1176a6f8dec760a9e29ec66c4aa7af

  • SSDEEP

    49152:gwxNZUPB0zKA2g8t1gNkTyuNhCFHnrNMl2LMOOdT6yJ7sbC:gwxNZUPB0e11FTym6nrOl2LM/zybC

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:5052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    675KB

    MD5

    0d3998927c01464e76013e1ba8a98ef9

    SHA1

    ab9aaa1e50a5d57b06b4bccb501cec87c30aa9ac

    SHA256

    dde9f9235f6b5b8970e0a19f309c49a38528c1ee55e0de04a3d6525f9cb46a46

    SHA512

    68ffc1116a9e88d5474b020f9739125f890600db00f67bc13cf7337194954d615b41460c5188b2fa12767a0c5aac0d9cf998391710c941521335897cb9fd00fa

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    675KB

    MD5

    edc5bfa307ed549e2c7e6aa90b1bbf1f

    SHA1

    f8774704320d03624867c4a158b299e73b50304a

    SHA256

    c6828835f1bb2682771f64649456c6aa61c5223705ede469aa1ade5d46a3afd8

    SHA512

    b629d07fb72deaee0d2d677a99a415bf8bc9599a9baec5509df45dc5e21a4022fc360a7cdc15c9e894689bb133c1fa2a651b3cd2bc9799b211a61ab187cd65fe

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    946497efbf02b39dcc44ee1716a886be

    SHA1

    a735f9be767fcb29f41a60040c846dbd660ace4c

    SHA256

    1a8dc45669a614cfdbf180239b5f95b607677f6fa1687e95911ad146cd288d61

    SHA512

    dc70bbd921c77c8d5cbcddda826593e623d8d86692675ee310e40e821882fd4f9dce5b85feed71f09c055cfc945d671271689d9d4ea9be28c0e2fb7ef1baf8f3

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    e7acbbcd01277098d3bb4e1db7330c51

    SHA1

    4bc44d69961693be50f68962ebf220dd260ad5d5

    SHA256

    8dd5a8ca7d3befe45ad7a91c0e587138a0841d7eb5c18bb719d55a686cfa4ee2

    SHA512

    76f1d39a95713a722c95461b93e879dd4e8dadeba3c44ad1d880315b1f17e3e387893f5e353cfe54fad56ff82d8422cc64349c5a91fa9d8ce353b09850254b51

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    0958aa6b607bb17f16a01424542fd8a7

    SHA1

    8138cecacff60d991674ccf841db1d1c9250d3bd

    SHA256

    770b3c49434071f6fd17cdd276b2e239f77bdf7cbe93e0b68d532c60ae412815

    SHA512

    1664612b014aecce7fb93bacb4fabbda88ee39af80ef35ac6fa03c1bd8b34aa4088958f789e4b12bf13fa6a6889fe720b2e7e9ef8eb2f2d7e4a7dfe2246fe685

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    bcc763190f00bc46cad6cafbfb8372d1

    SHA1

    5d0ced238d2540392380b8b6bd51e04378d8b077

    SHA256

    901f4d7c744bad1529eca7ced0680864a7bc07daa075412b915e7c7c2b8a00ed

    SHA512

    50f2d309b0c89c89c556ff4ba8295ef03a49a6c56d4c209d93a30103e3f6d14cd1125f1d1b30dc082f7e2dee9d24e1319c0f27976e6174d44018442b8820fe58

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    1.5MB

    MD5

    304a506cd3c316140cba4b35174ec269

    SHA1

    7d391fd95220afe1074336972cc2c8b9d770b19e

    SHA256

    ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf

    SHA512

    d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json]
    Filesize

    1.5MB

    MD5

    304a506cd3c316140cba4b35174ec269

    SHA1

    7d391fd95220afe1074336972cc2c8b9d770b19e

    SHA256

    ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf

    SHA512

    d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee

    Download Submit