Overview

overview

10

Static

static

7

facdbaa405...19.apk

android-9-x86

10

facdbaa405...19.apk

android-10-x64

10

facdbaa405...19.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    4067119s
  • max time network
    154s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    02-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219.apk

  • Size

    2.7MB

  • MD5

    1510d4516b4944f2996fe5e6f71bb117

  • SHA1

    460e5b76846ba3d4e1d218ee06469704f7fdb9be

  • SHA256

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219

  • SHA512

    688852286998996b8c8e1ed010eaf1690d177c122a9f4748226c5d2d8a7f9c9a80e1db4728db1a5f44ca3c8a713397891a1176a6f8dec760a9e29ec66c4aa7af

  • SSDEEP

    49152:gwxNZUPB0zKA2g8t1gNkTyuNhCFHnrNMl2LMOOdT6yJ7sbC:gwxNZUPB0e11FTym6nrOl2LM/zybC

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    675KB

    MD5

    0d3998927c01464e76013e1ba8a98ef9

    SHA1

    ab9aaa1e50a5d57b06b4bccb501cec87c30aa9ac

    SHA256

    dde9f9235f6b5b8970e0a19f309c49a38528c1ee55e0de04a3d6525f9cb46a46

    SHA512

    68ffc1116a9e88d5474b020f9739125f890600db00f67bc13cf7337194954d615b41460c5188b2fa12767a0c5aac0d9cf998391710c941521335897cb9fd00fa

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    675KB

    MD5

    edc5bfa307ed549e2c7e6aa90b1bbf1f

    SHA1

    f8774704320d03624867c4a158b299e73b50304a

    SHA256

    c6828835f1bb2682771f64649456c6aa61c5223705ede469aa1ade5d46a3afd8

    SHA512

    b629d07fb72deaee0d2d677a99a415bf8bc9599a9baec5509df45dc5e21a4022fc360a7cdc15c9e894689bb133c1fa2a651b3cd2bc9799b211a61ab187cd65fe

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json
    Filesize

    1.5MB

    MD5

    304a506cd3c316140cba4b35174ec269

    SHA1

    7d391fd95220afe1074336972cc2c8b9d770b19e

    SHA256

    ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf

    SHA512

    d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/eoqPgaw.json.cur.prof
    Filesize

    3KB

    MD5

    a6b6ecb215ec6b2b931ae85bf965cbcc

    SHA1

    c1923442f5ddfa5e02ffe87f72e8ed7847c7e1c9

    SHA256

    f272853dc548f0609690daf4fb44485002127719ae2b83173ccdc81b5f58ac1b

    SHA512

    368b08287685004060bd994346faf58fb91b541cf68be96c0cffc1f8dc7b7c33a16da5a4e752d6adb1f5508c7bd4f053384ee7ebf9d87358bed4042693aa06da

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    fad9507c4446fa45fca0dc3c3e751a1d

    SHA1

    cb1843511608517bf3b4d9ff3de5da898ebdf963

    SHA256

    3c51906fd870d1672c186670f2209eb97c5e8e772a2a43449c25e3b3286f1d0d

    SHA512

    66d9d746b2f6a6c42515d636ee3c027a1b3664e4594bbf3d8a295628249c19de95f14513b98824f2c6d8ec20819fdb64866d86690b7e521377ab3e7fb849627b

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    c90d67a76d2e465661b8d99beb13a2d2

    SHA1

    00abd40cf98c643aabdabb0bf4cc8463a4a4fcf8

    SHA256

    6bde2c55451d4372211c44892ac82fa2c82b8c4a3dd64db297ac350c6df16f76

    SHA512

    2c8406f8069b0671597ded828b78e39cbe72ce21c07e95da2589dc1680c776e718caab278e9b2699905e37e183843930fe9649bb7922454c22a5fac0d338dc7c

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    4edb2d474b6a6290a0fd313ad8c52c5a

    SHA1

    18d5ec1e0aca702937867f104e9dcb5f711764e0

    SHA256

    813a00e0da600143ca68656c476b67665a4f0e73b6107bdac3a6dc7fb23b5f43

    SHA512

    ec9e883768da5fd2b6937d2917448daf38d9749e3fef465967a0d7ee8e6ce150e4fd6667ff8fd0edc15d12d531b6af100ffbe3e74432a78cc18f67a146ee7b92

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    0d7ab8b3ea46612d23f0f01207a485ed

    SHA1

    816749f6c83b7932d1456ac53008882dc3ae19f4

    SHA256

    f07a8ce2f29a9f534f51d27b08233e87dd93155a09189b127b174031b654810b

    SHA512

    dbefd136e5a53ed26a3b72f43443149afa676f4a2d2d71f708375db8dbd63e33011fa1422b7d3047e5ac5c2aa60b15b9729b3b9be41cbcfa7bafc21f03d3fe2b

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/eoqPgaw.json]
    Filesize

    1.5MB

    MD5

    304a506cd3c316140cba4b35174ec269

    SHA1

    7d391fd95220afe1074336972cc2c8b9d770b19e

    SHA256

    ef008d375717ebfba7704e82cf000e008e9615397e12ab48bbed7c9c09638edf

    SHA512

    d672e2db3dd5bd45ed8d1218e5c38aad43c07e9d9b45dc7bd4641d90996f46db519e0b0771b1f16b0d58f886c66ddb6542d7feef6aad37479e34d9a3a9feb9ee

    Download Submit