Overview

overview

10

Static

static

7

bdfcb81d29...ec.apk

android-9-x86

10

bdfcb81d29...ec.apk

android-10-x64

10

bdfcb81d29...ec.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Analysis

  • max time kernel
    31193s
  • max time network
    141s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    05-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bdfcb81d29f5e37887a7bed805e80518fd3b869d4a0d18f1bc3f811c6ce0ceec.apk

  • Size

    2.7MB

  • MD5

    25320511547434ff047ecb9b50251fe7

  • SHA1

    75a9814b9c5552360e871b5574dd0f0889de1d5d

  • SHA256

    bdfcb81d29f5e37887a7bed805e80518fd3b869d4a0d18f1bc3f811c6ce0ceec

  • SHA512

    36b5e31f856375715f433f9d06199f19e1edc423bc1d2ce5cb8e7689062da599cbde26c00fe1d14cdf3c8c365027cb7f653280d6fe3cef7deb4db563d43f361c

  • SSDEEP

    49152:bM3XYHFnnomnFmce3LElRWlg8NmHg07TyPeqCFHnrNqlr1YsXbxNRLqiAP0dM2Qn:aXYHNoWmR74+mHlTyGdnrQlrblbqNiun

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.bulosinehipibe.zusu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4204
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/Pt.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/x86/Pt.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4234

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/Pt.json
    Filesize

    675KB

    MD5

    3572349307fd0250d31e71246b2b72cf

    SHA1

    947bafc91623f542deb385d88ab428357dd03083

    SHA256

    a905bd4391f9727e28a774c3d3d1e56f96d3265da7d75b4dddba85447f6b3252

    SHA512

    8c65cf5d16ba84ff8cf26b684acdbcd7674d842bded61604b4878a5211b228e17a2d11436199f98bab48e3055d8a73f50737596f27b8e58cb8190367d930f8d2

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/Pt.json
    Filesize

    675KB

    MD5

    36fbdd1a42f97c67e2bef9f1325e1838

    SHA1

    e3da19cdcc7e7a2ca4e39d2bb5e012f405c6ce51

    SHA256

    09b4c1b4febdaf7ca17ee5e6d7bd123f32a86836d1b5a2eb8040e90fa2b20ea8

    SHA512

    b566d26aaeb1fc00ef958c899c00e692bde7be05f9be151a03e183b23c89ca6cadae3114c29e4a9b6529b62c07610218ea3d95edb416714d70227fc51b2ba80f

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/app_DynamicOptDex/oat/Pt.json.cur.prof
    Filesize

    3KB

    MD5

    40f9daff061f6fdb8179c1574f015d96

    SHA1

    e73c90310a6c4c43c9aa342822a3a5ac76a74ad1

    SHA256

    4243940d23ea372c6e455cc24ff3cb0870cb16bdaf83318818baa9da99412f63

    SHA512

    b39ecac5b9fad293bab916d1c89366b4f8c6f1b1826e1ca7fd01e3b44e104b92dfbc62f71bb44031f9d2f59ffcd08ed2e399a38980d2a7560b63148c0333c886

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    bfda6c14a8c0ba4b9d15950aeaf6b1b8

    SHA1

    0a45a2203f8bed3b53e84ea360e2e713fcb99cb9

    SHA256

    5e797dc3b57b7f881138486c24003ff9e2b53ac6b2a3bb60703e257833c39d78

    SHA512

    5e98a0a544c9032af266c119142421e6fbc3e931182ac50ce88315d37f662d0e05f4966c84f8bd7a02b17cb8bc7610f27621c70577fda7c63f44b88f866b9642

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    97fcfb4a9ffb59fd877b0b7b581a0454

    SHA1

    cebfb53f20d24c6174c46f0da17ac333203546c9

    SHA256

    7126d8ef2b8b0840afa5a66cb51542fe8bdab37fefeaa2ddd14f092547081404

    SHA512

    d8b21c9f6b8c7af1e7d271383d5888d2a8eb7538d37077ac04252f1fbbe0acdd2ba93cd7e19d20c544eb226631394130437298bbce9aee70a415501c2a48e067

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    b56ea820705833b4e3d1471f65e597df

    SHA1

    4253cee54ce86e529312c0b8aefb15cd1a9bade3

    SHA256

    9acbc76f009ba1a108fd35cc0102c20abf01e372b8f86f2f2e0f23b30831f30c

    SHA512

    8a626b87c0de3f0ca1934b35360bcd71021f7a9c32a80835549bf7905aa3262617a5cbd03d7c7c62b8f25e252b3823b109cc3de1deddcdf4844bbf50d7a9d56c

    Download Submit

  • /data/data/com.bulosinehipibe.zusu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    1f269bf10522e1f1a368300ff1e92e23

    SHA1

    8e8758ef6ccc160643abd5fe08c58da45b08418d

    SHA256

    63a7c76954c610e4b550c7e99f720e240465157130da9afe6978ac742acadf03

    SHA512

    a4f0c6139242e86ca7112cedd134c887b5b1633d5c3f8cfb9817b46b82e3e3dfbb8eeb74c273255d252880a34e34783248a7c246da23d72ab38ae2e959709965

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/Pt.json
    Filesize

    1.5MB

    MD5

    4619b00d2f6b5be71d4828494c1cad64

    SHA1

    3c692e4ee4339dbf310f75a022302fc14277444a

    SHA256

    628247794d3cc44b0614eae9b3a2a06d526f66c707e72f72908a20edd1952cd6

    SHA512

    575face8e6114320e53601897dc160af316e6bf5513af304efa33fc67cbd96ae392aaacc24827903537cb8bfb6b7193dbf57fba8703e400f799404235f80b416

    Download Submit

  • /data/user/0/com.bulosinehipibe.zusu/app_DynamicOptDex/Pt.json
    Filesize

    1.5MB

    MD5

    ac142c3331ab2acae01d52d959956dce

    SHA1

    56f7c2864a1ca5c3da9377f4a01cfcd7fff52f75

    SHA256

    93ed2c2dd31a9e5fc7ec1564e0b0fa3dde02bb75896292c1d1c30e818e44bf6b

    SHA512

    f2e3f2f915011763c6c0f5dc837e63b14d1d005ac0da0260c20932796badf72c5b6c1c53a24688d7b61b89818f5f64ab4ab496050485a9f21dd0421c0fcea8b3

    Download Submit