Overview

overview

10

Static

static

7

60a84a9c1f...38.apk

android-9-x86

10

60a84a9c1f...38.apk

android-10-x64

10

60a84a9c1f...38.apk

android-11-x64

10

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

jquery-2.2.0.min.js

windows7-x64

1

jquery-2.2.0.min.js

windows10-2004-x64

1

libcrashly...ler.so

debian-9-armhf

1

libcrashly...ine.so

debian-9-armhf

libcrashlytics.so

debian-9-armhf

1

libimagepipeline.so

debian-9-armhf

1

libnative-filters.so

debian-9-armhf

1

librsjni.so

debian-9-armhf

1

libtoolChecker.so

ubuntu-18.04-amd64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

Analysis

  • max time kernel
    376912s
  • max time network
    163s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    09-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60a84a9c1f41257573d5c2ee96926ae56c2e7255b62526b432bff3818a95d438.apk

  • Size

    2.8MB

  • MD5

    7c71a0dfa8b60f6ef52f3d6c0c1d8f3a

  • SHA1

    7eeeb0cd33994adb728fcbc8376666a9bcb63b74

  • SHA256

    60a84a9c1f41257573d5c2ee96926ae56c2e7255b62526b432bff3818a95d438

  • SHA512

    eacf91ce4fa315213b3936f95accc7cc7339e1cc1623cb67c9e8c52a696de9250ed2596c782ce55c8fb28ef8a1f7aa8c219ef5c371d4e18b5610b0edf8594f6a

  • SSDEEP

    49152:jhl6sJ8552sjbU7g8d8qbdm0rwa5ztam7D328ugZ4e85W3/Az:jhlCdjgwqbdmIrXrr85R

Score
10/10
ermachookbankerevasioninfostealerransomwareratstealthtrojan

Malware Config

Extracted

Family

ermac

C2

http://91.215.85.37:3434

AES_key

Extracted

Family

hook

C2

http://91.215.85.37:3434

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.zeriyatetahelo.hodi
    1⤵
    • Makes use of the framework's Accessibility service.
    • Removes its main activity from the application launcher
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4549

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
    Filesize

    677KB

    MD5

    853bfb626a4e20e1fddb36028d018634

    SHA1

    6e536a55d87814bad019e52b20d8303e91124778

    SHA256

    41d3ecbf5cba680bdf23a9d40ec2ab6c561dea6e68820a09117c62483a48da84

    SHA512

    074941cc4e68a1c053dfdb664e3afbfbe5b3d731e5d547035620ce552c866b8042473224313649231a294cdfc96b7560893a26c540cb4fe74d75b4e99c484869

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
    Filesize

    677KB

    MD5

    35e82027ddab7996192175d175ba488c

    SHA1

    be9fa31102efffbb44d7a20dd1a8e7a4b185a2ad

    SHA256

    edc5038411ed851fe488e54e869df9dc5a0121270b779d33e89effbcc88a0f91

    SHA512

    de8fdf7044f6aa5fe95f67a58c9c99b988c4f12c6acfb952bccea3fbfba7f4beee858ee9705d6e8e9e5b020258760f4b5ad177c695df7eadcde71001ad2daadc

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/XXhAsT.json
    Filesize

    1.5MB

    MD5

    4fdb4489998b24cd1c9c6625769ec3ec

    SHA1

    e515c55c75be675060e143fa525f770f1534ad50

    SHA256

    3f1ff2d8838ded4ab4cbfdb11576185e51c8504d61bfffad0a981c050b5d9c85

    SHA512

    5375341dd4f4cb146d31ddfc38dddc47e682f68267d27f2d50913cd5478778f17601327f1cb06156567f8d98a2ff37c05729f435888e6bf348db4efe437a9471

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/app_DynamicOptDex/oat/XXhAsT.json.cur.prof
    Filesize

    3KB

    MD5

    441e0c96f0ea2f6365b04ecd7e8bf6be

    SHA1

    02c1296993e24818181ac6f46cdd4073343a4708

    SHA256

    8b72acdc94daf6fb3e3e62f8e4b11f47088d8afae8f6973e7c9f513d8253c90d

    SHA512

    b2ba42f56d72d57240058df437f1b968e3a3f519f5c249d67492f05de4f48ed4f9977a76c9d036e1081baee4261802962c889eed8a5ff037745cd12f628aaf33

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    cee3c49ccdfbba5b1362c53ed76494fa

    SHA1

    756e93e38fb0d03a7adb6542d637d4cabea2cfd4

    SHA256

    a0e9301f7d07b168f1b68e2958fe9c5a70ea38acb43b3201bbf78ff8cdff799e

    SHA512

    86ea7e1e0c19d3792b17111843688c703b624423e7cfeed43f367177630205ad65fd81afe952917812360fec16ea20341ca3160eff47f3c55feeb20580a8cce2

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    8fda5fa63dfffb3ee7f767a90d115d17

    SHA1

    ca878208dd2e575fc4adc73cd7525ab682697f8b

    SHA256

    876707ae65b2611b7e875aed9e294468d5b15abd6542611f21ab978a9e030579

    SHA512

    c6d247275056082695e41aa2dc92be6684d27c204c969e5c33bc85ee0dc0fd1c4520765c841cf40b0ad2e24a3c46d8769864b80f2cd5205870d51eee8ac881aa

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    a2284c70b6fbb8c4aa03dffecbfaa61c

    SHA1

    7b9224a10c0e84fae23c2941d4bb30229f94d13b

    SHA256

    d0290bc9ae9ee2e027c64c1232c1b38e5e85a57947964ea4b4db447b0e70257d

    SHA512

    ddc6736b0a876c9525a28e130665ceb772224fc4a73bdd9a67d5ae917c5a48c332e1e66dd9c8a8e1d6315900644923eb3ddf1455393d6538e09c1b441a7ee378

    Download Submit

  • /data/user/0/com.zeriyatetahelo.hodi/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    df3bfc9450f0a24aa61486460007a8e2

    SHA1

    cb2f852f0bef5357fe5d3df44696c063309f4f6b

    SHA256

    6e0b3f57a431f342c36a086da0203cbccfe5b5a81cf1d04cc036678fbc76a6da

    SHA512

    f8dcd66aade643679b7ad2031fe3283a36b6dd4cdeb5609f329121e83029e951f5c2335b64081acd6c76c255fe319fbcca2b350598c623ef4e5c612a62d5f8f4

    Download Submit