Overview

overview

10

Static

static

7

975bf6a402...cb.apk

android-9-x86

10

975bf6a402...cb.apk

android-10-x64

10

975bf6a402...cb.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

help_uk.htm

windows10-2004-x64

1

license.htm

windows7-x64

1

license.htm

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

playstore.htm

windows7-x64

1

playstore.htm

windows10-2004-x64

1

privacy_cn.htm

windows7-x64

1

privacy_cn.htm

windows10-2004-x64

1

totalcmd_d...ng.htm

windows7-x64

1

totalcmd_d...ng.htm

windows10-2004-x64

1

totalcmd_p...cy.htm

windows7-x64

1

totalcmd_p...cy.htm

windows10-2004-x64

1

wifi_rc.html

windows7-x64

1

wifi_rc.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1240936s
  • max time network
    161s
  • platform
    android_x64
  • resource
    android-x64-20230831-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
  • submitted
    19-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    975bf6a4021c964ace26e9a0518856955e111b1d2b2cb7c4e4bb98dd12df64cb.apk

  • Size

    2.7MB

  • MD5

    89ded4d8575d61e76cee9289c05942a1

  • SHA1

    e96a311318c67b246e7e20a2c9c4ec80dba71553

  • SHA256

    975bf6a4021c964ace26e9a0518856955e111b1d2b2cb7c4e4bb98dd12df64cb

  • SHA512

    b333b82594c7a0caf407498dff54ce69c3198877a5a6c0791c78a53e897aab26f48ae7d64131a6080732770b8c0df4073336ef57c3a77ee6f375bea9b31d277f

  • SSDEEP

    49152:joIlzTMs1p+6YW3g8s2QdUYl/LTPy+BZT8/HS9KCFoGo9z6t:MaMUYW62QaC/1BZTgHS9C9Gt

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.xadayamuluceti.sabixu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4879

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    ef47cdab541a17542f9c256500f88673

    SHA1

    a57335900b6932306ac287b593b91ac8cd7613bf

    SHA256

    09766f2d5d5a2a2393234a2b95a196e8a0be29f5c8837cdd2699b6b569bdf512

    SHA512

    ef8a9159122e0d635d14a803c0ff361b5c84fbc5c2f8c1e4b90e75419bc435888aa9ae92eef96c4e08907b149c4934033f8dbe0d06d3afc0109d8d60585c0258

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    b9b389274b78ec025e203efb985acb81

    SHA1

    24444570b38533f2e1c5f059b3ae144321d1f768

    SHA256

    ccb013d8e1ce0ca69d6c8c19a43af771e56c2ce332c28b60a5c7bb4abddd201c

    SHA512

    854b1522998b4bae345eb5db691bad0f1a87de44e7e548a6dc8c1872f4ec51e2fcb073c98c9b6e3c4a25ac64cb18efc2d1d74a45a911015ed9c6ba3af4030e68

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    c13f851819b6aaa16d6da7153119974e

    SHA1

    a1741b2cc682faef58edcf8bb361b9b0279b05d0

    SHA256

    b0a6b5e21c119158cb033d06a0ac6d568493068eb1e78309304f838df587c095

    SHA512

    9a1f3b44565e62db45cc2591bc6486d47c6478697f937e25450772aac931c10f7a21e65f33d01c77b7ff8ffc29ae51f32790f474b92596c3b85a3f497e3a0e8e

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    830c74b4a315b4892c249b309f1043b4

    SHA1

    d2da6f296b49f548bae04e9106fb351b81fd0037

    SHA256

    e52261b81eb7b2c87b4d8bc3a9d6ca5a5706c4ae0286a24f1e88fd8034a57192

    SHA512

    28df128d07b12bcffebff06c571b28da840961411d37bc721f54fa6d566c9cf37c9b28674921f481001a3412fa380e1f0b8274eaa9fdecb49a0d0c9a85b2b96c

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    f02c567511759fea23b1d555ff01f846

    SHA1

    9bdc8eaa1965a16ed24e6e0b9437fe92b6799516

    SHA256

    5d22ff7b51929304542813a51465ae2cf33f87d9ede4881d9ff6a81c8ba2b489

    SHA512

    2dc94a56ba8e7d54fe538e06f5b10a6ac846170db7b6fb4dfaddb7b1eb8d5e3fd8015c5ae91aad9374ad6a0ce1a089a1129024fe35e3a188d0e5743475eb9f75

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    c25f5132867d3ced6d306b68fa69afbd

    SHA1

    64d6124cf640146c1cbbeff09e13e38289c18b67

    SHA256

    0f93708dad3218fda13d1d698e3302d3ff1dd1c6909981fee654e32263212ed4

    SHA512

    92298147264eef998ce4562f954dd0ff771be61043f3ecb724d258ca75556263cbca6b8870cce0110a54716f78425895d14a295350af7909a1dc9e661dd77f48

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    1.5MB

    MD5

    77dea45c30ffabf3ff6688d62fc73366

    SHA1

    80b6c2bd5b759dad4a2d9ed57420f0408a6a1d5d

    SHA256

    4d53e5a2688f9b4bab76142af98524154bf3bdc5de3bf98455a8f157999edbf7

    SHA512

    4a1afdf64514215602361bb51c0eb6a505945b3764e26092ce0007a29ce5df317851af2c781d2b0d955e7e29275344fc7b1afbd25b7db20b8cfe6eed79428c30

    Download Submit

  • [anon:dalvik-classes.dex extracted in memory from /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json]
    Filesize

    1.5MB

    MD5

    77dea45c30ffabf3ff6688d62fc73366

    SHA1

    80b6c2bd5b759dad4a2d9ed57420f0408a6a1d5d

    SHA256

    4d53e5a2688f9b4bab76142af98524154bf3bdc5de3bf98455a8f157999edbf7

    SHA512

    4a1afdf64514215602361bb51c0eb6a505945b3764e26092ce0007a29ce5df317851af2c781d2b0d955e7e29275344fc7b1afbd25b7db20b8cfe6eed79428c30

    Download Submit