General

  • Target

    ebank_mobile_card.apk

  • Size

    136.8MB

  • MD5

    9fc8161a14c7d265bc5df2fced3aa0b5

  • SHA1

    3ed2755512dfd2a96a6c3471416e6d06efd8ba6c

  • SHA256

    f33ac7627c60cf4b362ba84565fc0f5b1ec5c89c1026c126792a32c9fb5ca951

  • SHA512

    2aeae40b7446a197d7c13b5142b3958595bc92c0a475eb349eecb746fa7fb8a7d071c266b8caa7ed61817ad553300ae74a7064405434433e91270bd3d40f4c20

  • SSDEEP

    3145728:pMVk2Bgenzmd60/su47Kysy0UdMJGvzg4xmUKLFgtCGXfABC:yVkHvmu47idJG8CmUKZICgf

Score
7/10 — note that the only signature listed below is a static permission heuristic; no behavioural signatures and no extracted malware config appear on this page, so the score reflects declared capability rather than observed malicious activity.

Malware Config (no configuration was extracted for this sample)

Signatures

  • Requests dangerous framework permissions (11 IoCs — presumably the eleven entries in the permission list below that carry Android's `dangerous` protection level, e.g. CAMERA, RECORD_AUDIO, READ_PHONE_STATE, ACCESS_BACKGROUND_LOCATION, READ/WRITE_CALENDAR; a manifest declaration shows capability, not that the code exercises it)

Files

  • ebank_mobile_card.apk
    .apk android arch:arm

    com.ebank.creditcard

    com.ebank.creditcard.MainActivity


  • 3.sql
  • 4.sql
  • 404.png
    .png
  • 77777777_0.0.0.22.amr
    .zip  (the `.amr` archives unpacked here, each with an `hpmfile.json`, together with `mpaas.properties` further down are consistent with mPaaS H5 offline packages — bundled web front-ends rather than audio files; the sandbox labels them by container type)
  • 77777777.tar
    .tar .js
  • hpmfile.json
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/axios/0.19.0/axios.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/axios/0.19.0/axios.map
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/axios/0.19.0/axios.min.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/fastclick/1.0.6/fastclick.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/fastclick/1.0.6/fastclick.min.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/public.css
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/public.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vconsole/vconsole.min.js
    .js  (vConsole is an in-page debugging console for mobile web views; shipping it in cached production assets is worth checking — confirm it is not enabled in release builds, as it exposes network requests and logs to anyone who can trigger it)
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vue-router/3.0.1/vue-router.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vue-router/3.0.1/vue-router.min.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vue/2.5.2/vue.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vue/2.5.2/vue.min.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vuex/3.1.2/vuex.js
    .js
  • yghsh.cebbank.com:8444/FAF1447171438_product/1.0/vuex/3.1.2/vuex.min.js
    .js
  • CERT.json
  • Manifest.xml
    .xml
  • 80010004_0.0.0.92.amr
    .zip
  • 80010004.tar
    .tar .js
  • hpmfile.json
  • www/css/chunk-common.d3293a94.css
  • www/css/quickPayment_cardQry.18acf5b9.css
  • www/css/quickPayment_debitCardMsgChecking.733f3ac7.css
  • www/css/quickPayment_historyDetail.8cff94e5.css
  • www/css/quickPayment_historyHome.d739fbd6.css
  • www/css/quickPayment_loading.76bdd8e2.css
  • www/css/quickPayment_moreCardHome.11e5b587.css
  • www/css/quickPayment_moreCardSubmit.53920373.css
  • www/css/quickPayment_singleCardConfirm.6dc8e02a.css
  • www/css/quickPayment_singleCardHome.e027d38f.css
  • www/css/quickPayment_supportBankCard.888ea85d.css
  • www/img/default.130ae4a9.png
    .png
  • www/img/defaultAdvert.504cb52c.png
    .png
  • www/img/defaultAdvert2.a571d5bd.png
    .png
  • www/img/error.a77d0ae5.png
    .png
  • www/img/loading-logo2.9d366ccb.gif
    .gif
  • www/img/logo.130ae4a9.png
    .png
  • www/img/more.d25f011f.png
    .png
  • www/img/nodahome.90895c9c.png
    .png
  • www/img/nodata.72787be3.png
    .png
  • www/js/chunk-common.d4a1c4f1.js
    .js
  • www/js/chunk-vendors.f4f54ff9.js
    .js
  • www/js/quickPayment_cardQry.53fcde2c.js
    .js
  • www/js/quickPayment_debitCardMsgChecking.40219089.js
    .js
  • www/js/quickPayment_historyDetail.ef0ae05f.js
    .js
  • www/js/quickPayment_historyHome.b1d52a40.js
    .js
  • www/js/quickPayment_loading.fdd0aa40.js
    .js
  • www/js/quickPayment_moreCardHome.5a8b116b.js
    .js
  • www/js/quickPayment_moreCardSubmit.7b06e287.js
    .js
  • www/js/quickPayment_singleCardConfirm.599c0862.js
    .js
  • www/js/quickPayment_singleCardHome.9f1cb9b7.js
    .js
  • www/js/quickPayment_supportBankCard.70dd5d55.js
    .js
  • www/quickPayment_cardQry.html
    .html .js
  • www/quickPayment_debitCardMsgChecking.html
    .html .js
  • www/quickPayment_historyDetail.html
    .html .js
  • www/quickPayment_historyHome.html
    .html .js
  • www/quickPayment_loading.html
    .html .js
  • www/quickPayment_moreCardHome.html
    .html .js
  • www/quickPayment_moreCardSubmit.html
    .html .js
  • www/quickPayment_singleCardConfirm.html
    .html .js
  • www/quickPayment_singleCardHome.html
    .html .js
  • www/quickPayment_supportBankCard.html
    .html .js
  • CERT.json
  • Manifest.xml
    .xml
  • 80010006_0.0.0.82.amr
    .zip
  • 80010006.tar
    .tar .js
  • hpmfile.json
  • www/billQry_accountDetail.html
    .html .js
  • www/billQry_accountList.html
    .html .js
  • www/billQry_allAccount.html
    .html .js
  • www/billQry_bycardDetail.html
    .html .js
  • www/billQry_carAccountDetail.html
    .html .js
  • www/billQry_carAccountList.html
    .html .js
  • www/billQry_carHistoryAll.html
    .html .js
  • www/billQry_carNoOutDetail.html
    .html .js
  • www/billQry_carPayDetail.html
    .html .js
  • www/billQry_historyAll.html
    .html .js
  • www/billQry_lhjAccountDetail.html
    .html .js
  • www/billQry_lhjAccountList.html
    .html .js
  • www/billQry_lhjFqDetail.html
    .html .js
  • www/billQry_lhjPayDetail.html
    .html .js
  • www/billQry_loading.html
    .html .js
  • www/billQry_noOutDetail.html
    .html .js
  • www/billQry_payDetail.html
    .html .js
  • www/billQry_transactionAgree.html
    .html .js
  • www/billQry_transactionQuery.html
    .html .js
  • www/billQry_transactionQueryDetail.html
    .html .js
  • www/css/billQry_accountDetail.bbcb26d8.css
  • www/css/billQry_accountList.a30d4025.css
  • www/css/billQry_allAccount.6f9a99ff.css
  • www/css/billQry_bycardDetail.ccc46f5a.css
  • www/css/billQry_carAccountDetail.11c3bf57.css
  • www/css/billQry_carAccountList.a098ecbb.css
  • www/css/billQry_carHistoryAll.bf4ccfec.css
  • www/css/billQry_carNoOutDetail.4392d289.css
  • www/css/billQry_carPayDetail.914a76d6.css
  • www/css/billQry_historyAll.c6a0f153.css
  • www/css/billQry_lhjAccountDetail.7f717643.css
  • www/css/billQry_lhjAccountList.db80c23c.css
  • www/css/billQry_lhjFqDetail.df90d697.css
  • www/css/billQry_lhjPayDetail.5f004daf.css
  • www/css/billQry_loading.1799928f.css
  • www/css/billQry_noOutDetail.90eb92f0.css
  • www/css/billQry_payDetail.de17d892.css
  • www/css/billQry_transactionAgree.f737be7b.css
  • www/css/billQry_transactionQuery.86d6c266.css
  • www/css/billQry_transactionQueryDetail.ac73c111.css
  • www/css/chunk-common.4e6c631a.css
  • www/img/defaultCard.8fb2a865.png
    .png
  • www/img/error.a77d0ae5.png
    .png
  • www/img/[email protected]
    .png  (file name mangled by an e-mail-address obfuscator on the page; the real name contains an "@", and its alphabetical position between error.* and eur7.* suggests a high-DPI "@2x" variant of an existing image — the original name is not recoverable from this listing)
  • www/img/eur7.0ae646b7.png
    .png
  • www/img/feedpeople.800e7cf2.png
    .png
  • www/img/loading-logo2.9d366ccb.gif
    .gif
  • www/img/more.d25f011f.png
    .png
  • www/img/noRecord.371f5d15.png
    .png
  • www/img/noRecord.885025c6.png
    .png
  • www/img/[email protected]
    .png  (name mangled by e-mail-address obfuscation; the original contains an "@" and is not recoverable here)
  • www/img/rmb7.175a8371.png
    .png
  • www/img/[email protected]
    .png  (name mangled by e-mail-address obfuscation; the original contains an "@" and is not recoverable here)
  • www/img/usd7.8fdefd56.png
    .png
  • www/js/billQry_accountDetail.60bec9b5.js
    .js
  • www/js/billQry_accountList.2e502406.js
    .js
  • www/js/billQry_allAccount.9dec263c.js
    .js
  • www/js/billQry_bycardDetail.34805aa9.js
    .js
  • www/js/billQry_carAccountDetail.84831ae2.js
    .js
  • www/js/billQry_carAccountList.c862bfc1.js
    .js
  • www/js/billQry_carHistoryAll.76dc8b16.js
    .js
  • www/js/billQry_carNoOutDetail.b013699f.js
    .js
  • www/js/billQry_carPayDetail.de88b101.js
    .js
  • www/js/billQry_historyAll.724f6b9a.js
    .js
  • www/js/billQry_lhjAccountDetail.c7b4cf13.js
    .js
  • www/js/billQry_lhjAccountList.e9d33c4d.js
    .js
  • www/js/billQry_lhjFqDetail.5e367337.js
    .js
  • www/js/billQry_lhjPayDetail.0602fa21.js
    .js
  • www/js/billQry_loading.6721c07c.js
    .js
  • www/js/billQry_noOutDetail.a319ae4f.js
    .js
  • www/js/billQry_payDetail.ad833f38.js
    .js
  • www/js/billQry_transactionAgree.b7c6253e.js
    .js
  • www/js/billQry_transactionQuery.4f549975.js
    .js
  • www/js/billQry_transactionQueryDetail.3d269783.js
    .js
  • www/js/chunk-common.5d873871.js
    .js
  • www/js/chunk-vendors.4b3a1da3.js
    .js
  • CERT.json
  • Manifest.xml
    .xml
  • 80010013_0.0.0.16.amr
    .zip
  • 80010013.tar
    .tar .js
  • hpmfile.json
  • www/CashWithdrawalByStages_confirm.html
    .html .js
  • www/CashWithdrawalByStages_loading.html
    .html .js
  • www/CashWithdrawalByStages_record.html
    .html .js
  • www/CashWithdrawalByStages_recordDetail.html
    .html .js
  • www/CashWithdrawalByStages_submit.html
    .html .js
  • www/css/CashWithdrawalByStages_confirm.79c87d30.css
  • www/css/CashWithdrawalByStages_loading.76bdd8e2.css
  • www/css/CashWithdrawalByStages_record.787d4535.css
  • www/css/CashWithdrawalByStages_recordDetail.46d8dc5f.css
  • www/css/CashWithdrawalByStages_submit.4cddb4bb.css
  • www/css/chunk-common.a38fbb34.css
  • www/img/8291264953300090880.d90ed670.png
    .png
  • www/img/fqbg.8fd408fb.png
    .png
  • www/img/wk2.e6e9ec73.png
    .png
  • www/js/CashWithdrawalByStages_confirm.dfd4ec17.js
    .js
  • www/js/CashWithdrawalByStages_loading.f4389449.js
    .js
  • www/js/CashWithdrawalByStages_record.2efbe1d2.js
    .js
  • www/js/CashWithdrawalByStages_recordDetail.6ce826d6.js
    .js
  • www/js/CashWithdrawalByStages_submit.880adaaa.js
    .js
  • www/js/chunk-common.528dad44.js
    .js
  • www/js/chunk-vendors.9f28fd37.js
    .js
  • CERT.json
  • Manifest.xml
    .xml
  • 80010015_0.0.0.13.amr
    .zip
  • 80010020_0.0.0.15.amr
    .zip
  • 80020005_0.0.0.24.amr
    .zip
  • 80020027_0.0.0.101.amr
    .zip
  • 80020038_0.0.0.8.amr
    .zip
  • 80060000_0.0.0.51.amr
    .zip
  • AZURE2d.png
    .png
  • A_BwxWTJ2vSMAAAAAAAAAAAAAAARInAQ
  • A_Xvb4RKT7ebMAAAAAAAAAAAAAARInAQ
  • AlipayNumber.ttf
  • BANK_AP_ADDBANKCARD.png
    .png
  • BANK_AP_BALANCE.png
    .png
  • BANK_AP_DF.png
    .png
  • BANK_AP_HUABEI.png
    .png
  • BANK_AP_QMF.png
    .png
  • BANK_AP_YEB.png
    .png
  • BLUE2d.png
    .png
  • CFCA_ACS_SM2_OCA31.cer
  • CYAN2d.png
    .png
  • DB1.dat
  • DB2.dat
  • DroidSansFallback.ttf
  • EPaper.min.js
    .js
  • GREEN2d.png
    .png
  • IMConfig
  • Log-32.xml
  • Log-64.xml
  • LogFileUpdateConfig.xml
    .xml
  • MAGENTAV2d.png
    .png
  • MediaFrameworkcfg.ini
  • ORANGE2d.png
    .png
  • PqBpO4iuQ4COrd3VxC0iyQAAACMAAQED
    .png
  • RED2d.png
    .png
  • ROSE2d.png
    .png
  • RiskStub.dex
    .dex
  • RiskStub00.dex
    .dex
  • SVCConfig.txt
  • ShareSDK.xml
    .xml
  • ShortLinkConfig.xml
    .xml
  • VIOLET2d.png
    .png
  • YELLOW2d.png
    .png
  • aSY2fkC7TvensH-UqsYG1QAAACMAAQED
    .png
  • anim.json
  • antui_loading.json
  • antui_refresh_blue.json
  • antui_refresh_white.json
  • ap12d.data
    .png
  • ap2d.data
    .png
  • arrow.ttf
  • cEslNfG0SlCygvuDYFoagwAAACMAAQED
    .png
  • cdp_banner_close_btn.webp
  • channel.config
  • charm-map.png
    .png
  • cities.json
  • configure
  • configure00
  • cool-map.png
    .png
  • cui_close.png
    .png
  • cui_flash.png
    .png
  • cui_flash_close.png
    .png
  • custom_config.json
  • default.ttf
  • default_config.json
    .js
  • defaultv0
  • defaultv000
  • defaultv1
  • defaultv100
  • faceanalyze_20210705_quality191.dpn
  • grs_sdk_global_route_config_opendevicesdk.json
  • grs_sdk_global_route_config_opensdkService.json
  • grs_sdk_server_config.json
  • grs_sp.bks
  • h5.json
  • h5publickey.pem
  • h5titlebar.ttf
  • handwrite.html
    .html .js
  • hmsincas.bks
  • hmsrootcas.bks
  • ice-map.png
    .png
  • iconfont.ttf
  • ijDrs3cOTHytkgyqv5iFzwAAACMAAQED
    .png
  • info.y
  • infosec_ajaxhook.min.js
    .js
  • infowindow_bg2d.png
    .png
  • inkwell-map.png
    .png
  • instruction.json
  • instruction00.json
  • key  (opaque file literally named "key" — inspect its contents; any secret bundled in the APK is recoverable by anyone who can download the package)
  • kpp7pwK4RZyb1mu-4oPfVwAAACMAAQED
    .png
  • libRiskStub.so
    .elf linux x64  (the sandbox labels this x86-64 while the APK itself is tagged arch:arm above; either the classifier is wrong or this library is not loadable on the target ABI — confirm with `readelf -h` before drawing conclusions about the RiskStub component)
  • libRiskStub00.so
    .elf linux x64
  • libocr_back.png
    .png
  • libocr_light.png
    .png
  • liveness220121_attack119.dpn
  • location_map_gps_3d.png
    .png
  • location_map_gps_locked.png
    .png
  • location_pressed2d.png
    .png
  • location_selected2d.png
    .png
  • location_unselected2d.png
    .png
  • lomo-map.png
    .png
  • macode_point_breathe2.json
  • manifest.mf
  • maps_dav_compass_needle_large2d.png
    .png
  • marker_default2d.png
    .png
  • marker_gps_no_sharing2d.png
    .png
  • media_server_agent.xml
  • mpaas.properties
  • mpaas_baseline.config
  • mpaas_licence.properties
  • mpaas_netconfig.properties
  • n8config.txt
  • net1.mnn
  • net2.mnn
  • net3.mnn
  • networkagreement.html
    .html
  • orange-map.png
    .png
  • output.wav
  • pZQbUfI9QTu-G9OB90Ih2wAAACMAAQED
  • paper.css
  • param
  • preferDetect.xml
    .xml
  • privacyStrategy.json
  • privacyStrategy00.json
  • root.der
  • roottest.der  (a "test" root certificate shipped in a release build is worth checking — confirm it is not among the trust anchors or pinning set the app uses at runtime)
  • rsa.pub
  • rsa.sig  (public key plus detached signature — presumably used to verify bundled or downloaded assets; check what is verified against them and whether the check can be bypassed by replacing rsa.pub)
  • sAB01UqKQTaBN2qoiN6IdgAAACMAAQED
    .png
  • safe.png
    .png
  • speaker.ttf
  • sunshine-map.png
    .png
  • vignette-map.png
    .png
  • walden-map.png
    .png
  • x.ttf
  • zKhxd1xkTeugIznul3xdPwAAACMAAQED
    .png
  • zS4MjRGcRv2DYW1s5vsFfwAAACMAAQED
    .png
  • zoomin_pressed2d.png
    .png
  • zoomin_selected2d.png
    .png
  • zoomin_unselected2d.png
    .png
  • zoomout_pressed2d.png
    .png
  • zoomout_selected2d.png
    .png
  • zoomout_unselected2d.png
    .png

Android Permissions

ebank_mobile_card.apk

Permissions

android.permission.BLUETOOTH

android.permission.CHANGE_WIFI_STATE

android.permission.CAMERA

android.permission.ACCESS_NETWORK_STATE

android.permission.MODIFY_AUDIO_SETTINGS

android.permission.READ_PHONE_STATE

android.permission.WRITE_EXTERNAL_STORAGE

android.permission.NFC

android.permission.VIBRATE

android.permission.ACCESS_FINE_LOCATION

android.permission.FLASHLIGHT

android.permission.ACCESS_COARSE_LOCATION

android.permission.ACCESS_WIFI_STATE

android.permission.BLUETOOTH_ADMIN

android.permission.INTERNET

android.permission.BROADCAST_STICKY

android.permission.REQUEST_INSTALL_PACKAGES  (lets the app prompt the user to install other APKs; check what it installs and whether those packages are verified before the prompt)

android.permission.READ_EXTERNAL_STORAGE

com.ebank.creditcard.permission.HCE_PUSH_MESSAGE

android.permission.SYSTEM_ALERT_WINDOW

android.permission.SYSTEM_OVERLAY_WINDOW  (not a permission name in the AOSP Manifest.permission list; likely an OEM-specific or legacy duplicate of SYSTEM_ALERT_WINDOW — the overlay capability is the same concern either way for an app that handles payments)

android.permission.RECORD_AUDIO

android.permission.WAKE_LOCK

android.permission.MOUNT_UNMOUNT_FILESYSTEMS  (signature/privileged-level; it is not granted to a non-platform-signed app, so the declaration is most likely an SDK leftover rather than an active capability)

com.ebank.creditcard.permission.JPUSH_MESSAGE

android.permission.POST_NOTIFICATIONS

com.huawei.android.launcher.permission.CHANGE_BADGE

com.vivo.notification.permission.BADGE_ICON

android.permission.ACCESS_BACKGROUND_LOCATION

android.permission.QUERY_ALL_PACKAGES  (allows enumerating every installed app — commonly used by risk-control SDKs for device fingerprinting, but also a privacy-sensitive capability)

android.permission.GET_TASKS  (deprecated since API 21; on current Android it no longer returns other apps' task information)

com.ebank.creditcard.permission.MIPUSH_RECEIVE

com.coloros.mcs.permission.RECIEVE_MCS_MESSAGE

com.heytap.mcs.permission.RECIEVE_MCS_MESSAGE

com.meizu.flyme.permission.PUSH

android.permission.READ_CALENDAR

android.permission.WRITE_CALENDAR

android.permission.DISABLE_KEYGUARD

android.permission.READ_SETTINGS

android.permission.SCHEDULE_EXACT_ALARM

getui.permission.GetuiService.com.ebank.creditcard

com.ebank.creditcard.permission.PROCESS_PUSH_MSG

com.ebank.creditcard.permission.PUSH_PROVIDER

com.meizu.flyme.push.permission.RECEIVE

com.meizu.c2dm.permission.RECEIVE

com.ebank.creditcard.push.permission.MESSAGE

com.ebank.creditcard.permission.C2D_MESSAGE

android.permission.USE_FINGERPRINT

android.permission.MANAGE_FINGERPRINT  (signature-level; cannot be granted to this app, so only USE_FINGERPRINT is effective here)

cn.org.ifaa.permission.USE_IFAA_MANAGER