Overview

overview

10

Static

static

7

975bf6a402...cb.apk

android-9-x86

10

975bf6a402...cb.apk

android-10-x64

10

975bf6a402...cb.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

help_uk.htm

windows10-2004-x64

1

license.htm

windows7-x64

1

license.htm

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

playstore.htm

windows7-x64

1

playstore.htm

windows10-2004-x64

1

privacy_cn.htm

windows7-x64

1

privacy_cn.htm

windows10-2004-x64

1

totalcmd_d...ng.htm

windows7-x64

1

totalcmd_d...ng.htm

windows10-2004-x64

1

totalcmd_p...cy.htm

windows7-x64

1

totalcmd_p...cy.htm

windows10-2004-x64

1

wifi_rc.html

windows7-x64

1

wifi_rc.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1240916s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-arm64-20230831-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
  • submitted
    19-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    975bf6a4021c964ace26e9a0518856955e111b1d2b2cb7c4e4bb98dd12df64cb.apk

  • Size

    2.7MB

  • MD5

    89ded4d8575d61e76cee9289c05942a1

  • SHA1

    e96a311318c67b246e7e20a2c9c4ec80dba71553

  • SHA256

    975bf6a4021c964ace26e9a0518856955e111b1d2b2cb7c4e4bb98dd12df64cb

  • SHA512

    b333b82594c7a0caf407498dff54ce69c3198877a5a6c0791c78a53e897aab26f48ae7d64131a6080732770b8c0df4073336ef57c3a77ee6f375bea9b31d277f

  • SSDEEP

    49152:joIlzTMs1p+6YW3g8s2QdUYl/LTPy+BZT8/HS9KCFoGo9z6t:MaMUYW62QaC/1BZTgHS9C9Gt

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 1 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.xadayamuluceti.sabixu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4633

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    ef47cdab541a17542f9c256500f88673

    SHA1

    a57335900b6932306ac287b593b91ac8cd7613bf

    SHA256

    09766f2d5d5a2a2393234a2b95a196e8a0be29f5c8837cdd2699b6b569bdf512

    SHA512

    ef8a9159122e0d635d14a803c0ff361b5c84fbc5c2f8c1e4b90e75419bc435888aa9ae92eef96c4e08907b149c4934033f8dbe0d06d3afc0109d8d60585c0258

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    b9b389274b78ec025e203efb985acb81

    SHA1

    24444570b38533f2e1c5f059b3ae144321d1f768

    SHA256

    ccb013d8e1ce0ca69d6c8c19a43af771e56c2ce332c28b60a5c7bb4abddd201c

    SHA512

    854b1522998b4bae345eb5db691bad0f1a87de44e7e548a6dc8c1872f4ec51e2fcb073c98c9b6e3c4a25ac64cb18efc2d1d74a45a911015ed9c6ba3af4030e68

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    1.5MB

    MD5

    77dea45c30ffabf3ff6688d62fc73366

    SHA1

    80b6c2bd5b759dad4a2d9ed57420f0408a6a1d5d

    SHA256

    4d53e5a2688f9b4bab76142af98524154bf3bdc5de3bf98455a8f157999edbf7

    SHA512

    4a1afdf64514215602361bb51c0eb6a505945b3764e26092ce0007a29ce5df317851af2c781d2b0d955e7e29275344fc7b1afbd25b7db20b8cfe6eed79428c30

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    9f310df066f4cf9c7c0e93f42f2e144b

    SHA1

    8d944678acff4d70ff0ec9c693ae4f228c76983b

    SHA256

    f08ae55ffd20a9fdd8a6664b7b12f05bb87328a007863d27914f3d3d2084d84f

    SHA512

    5edb69c5e0b2fd943139650d11c1691bd7a2262c5004d2b1586035859205c6c95276f8d40e45330be05fbd625f5f172988d725bc32bc6fb66dbce5ba122493f0

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    d9a5046f350c9e53d6c9fecb2ee9cf58

    SHA1

    e0475a1d137954551d7bab62299a170f747b0cba

    SHA256

    b21c8f7f0e9b15ea86d6394559ecbac5d6a1a57000ccd1ee53873f0c4adb6577

    SHA512

    963f4d1e406b230223337cd0be972aed23a726f8d0ea46312885da04f00bebbfbf7257e7b1f28051af286c96ccdb2db1a0ddbcf0301416f8f49d2b8f778a5f7e

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    c6cd22d2e9029e02342cf243afc6d229

    SHA1

    afd33a1ffe15891c3cfaec0b6d28ed079d98fde2

    SHA256

    5ef4550238f3a8da6d52fe2baf1dbe5e4bf84e4d604ca4115224a21d104ce153

    SHA512

    569ca800677d9296f52eefe9be37c73be809b6d29a59dd3e233aa72c7921b68cbf572778043593d3dfaea1a1f8f852603b40a50feebfeaafd7562a1155fa890f

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    418d6ead2c5909dfe69a0cc90d65668f

    SHA1

    054d68278678b754de1a0f0970595a7a682b5b75

    SHA256

    94a7fc8c7aea1f35f7a860e53f4411d69e6b212be7b599d7b18d65bebf1c9bdb

    SHA512

    7838623bb2cff8d6b2483bd61f9a7d4433bd386978eaa6abbfedbe316d85e4bed364df9b29a23b305a2e77fd21f2f8a1cab3ba15d5f3b8c8ff3733af3877303f

    Download Submit