Overview

overview

10

Static

static

7

3077d5358d...52.apk

android-9-x86

10

3077d5358d...52.apk

android-10-x64

10

3077d5358d...52.apk

android-11-x64

10

closebutton.html

windows7-x64

1

closebutton.html

windows10-2004-x64

1

core_wrapper.js

windows7-x64

1

core_wrapper.js

windows10-2004-x64

1

help.htm

windows7-x64

1

help.htm

windows10-2004-x64

1

help_cs.htm

windows7-x64

1

help_cs.htm

windows10-2004-x64

1

help_uk.htm

windows7-x64

1

help_uk.htm

windows10-2004-x64

1

license.htm

windows7-x64

1

license.htm

windows10-2004-x64

1

mraid.js

windows7-x64

1

mraid.js

windows10-2004-x64

1

omsdk-v1.js

windows7-x64

1

omsdk-v1.js

windows10-2004-x64

1

playstore.htm

windows7-x64

1

playstore.htm

windows10-2004-x64

1

privacy_cn.htm

windows7-x64

1

privacy_cn.htm

windows10-2004-x64

1

totalcmd_d...ng.htm

windows7-x64

1

totalcmd_d...ng.htm

windows10-2004-x64

1

totalcmd_p...cy.htm

windows7-x64

1

totalcmd_p...cy.htm

windows10-2004-x64

1

wifi_rc.html

windows7-x64

1

wifi_rc.html

windows10-2004-x64

1

Analysis

  • max time kernel
    1240800s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20230831-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20230831-enlocale:en-usos:android-9-x86system
  • submitted
    19-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3077d5358dfadec5956dd3db5a28c4e416332c5a4d44deb96b3fccc907f18452.apk

  • Size

    2.7MB

  • MD5

    54f85f012dd01b28ba3b8b5b71637709

  • SHA1

    8a4e72cb1ae1ccc9a155d4cb7e4d7476f64d6918

  • SHA256

    3077d5358dfadec5956dd3db5a28c4e416332c5a4d44deb96b3fccc907f18452

  • SHA512

    3ac0254f808465a853ccbd5ab289bc456253d522896fbceacddf5f7ade645c842d03373857b83b69289d2f70775a639ffcc6729f3f6e4cc6a59a6d9c81352e6e

  • SSDEEP

    49152:sbSAO1Ah8i6uzPXVzg84H76Fg/fw/pQdUYl/LTPy+BRo1JbG0:9AO1r9wPXVWH76FBpQaC/1BRoS0

Score
10/10
ermachookbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Signatures

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac
  • Ermac2 payload 2 IoCs
  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 2 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.xadayamuluceti.sabixu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4161
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/oat/x86/HFhXsL.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4186

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    ef47cdab541a17542f9c256500f88673

    SHA1

    a57335900b6932306ac287b593b91ac8cd7613bf

    SHA256

    09766f2d5d5a2a2393234a2b95a196e8a0be29f5c8837cdd2699b6b569bdf512

    SHA512

    ef8a9159122e0d635d14a803c0ff361b5c84fbc5c2f8c1e4b90e75419bc435888aa9ae92eef96c4e08907b149c4934033f8dbe0d06d3afc0109d8d60585c0258

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    674KB

    MD5

    b9b389274b78ec025e203efb985acb81

    SHA1

    24444570b38533f2e1c5f059b3ae144321d1f768

    SHA256

    ccb013d8e1ce0ca69d6c8c19a43af771e56c2ce332c28b60a5c7bb4abddd201c

    SHA512

    854b1522998b4bae345eb5db691bad0f1a87de44e7e548a6dc8c1872f4ec51e2fcb073c98c9b6e3c4a25ac64cb18efc2d1d74a45a911015ed9c6ba3af4030e68

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/app_DynamicOptDex/oat/HFhXsL.json.cur.prof
    Filesize

    2KB

    MD5

    5097723f28066836de02c2df3fdf59cd

    SHA1

    b51829f0142e77f8ba4ce4dafd6ecc8fd237e3ce

    SHA256

    70f59973bbbb617132c1e3f1cc893bf928e416320de1a9f3bedc97e10c382b57

    SHA512

    9a7f498c5f95c0c097644a9e9d7edf7cc9e6992e2077454ddc5ba00761ef8eacbf3f5f9a00690037859e54ac68022cf4ec729877e1b32907c060b486ac49640f

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    8354e014a963ad6c2b0d4664b2fbea53

    SHA1

    61af45af1576106165fee257d4dc97ec2439341a

    SHA256

    136f6eeba9dfa4c0a7c26e5bf1b3bbde9f43779fbe8bb696860516a27f02690a

    SHA512

    f14d93f4072a07720d95f0cda8d07a8e0c4b1d8a1228c7cd774e07cf474bd0938cec486e535b8897208c188e0497304d67877be865b16bd6f60b5868a146c10e

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    be3444cb9a6c11b6ba66f7629af3bbb4

    SHA1

    3dffdc03e6b633da74f062e72119d9f72bb9f933

    SHA256

    285755fd1f03e13726e1d3494818ce23b0849476a48cee7c3ee9562214954062

    SHA512

    29b7c8b0e6e3836cbfbe891a3ec41042d6bf7a5ece1bdcd8d0f6d5ac5a1595c99023f4a7ad007f958e617c0d218602efe600ff46f84f320fe138493508329810

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    3c276d0b779c872cfd89c5801fb08fc0

    SHA1

    10b15d010cf31be0c41bea31600c73e998a8c905

    SHA256

    98ecaeb20c93ff6ac49d0aaa1730da56b06457347723c33670a98ced4094b42a

    SHA512

    21e923d7e8872c9e91cd6a6c4c18bf73e4555225d622223a8a41861676684357648ffd137b72e43cf2135aeacf2f3b1514c3718d4c8ef8044ea6505fa57297ae

    Download Submit

  • /data/data/com.xadayamuluceti.sabixu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    faf8b419b0416bfdfa95e18210a9dda0

    SHA1

    cd1a0901fd6a5e1e6c829d1c38c8ebb75923929e

    SHA256

    4eceea15b9804d59e392e36af670daa517d1a04eb191b4c8793892f16fdf8d88

    SHA512

    c8df6938fc9a3ccdf4311bb22fb7a1c71d9adfe676fa3bd2d7940034df0444257c595fb6782a083c15a7dff6c0bb42b937dbcffefcb1f389ce6f470ddf2afbde

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    1.5MB

    MD5

    c9de89252e242da641f95999696987f7

    SHA1

    2c98e950aaa9556e7a270f81ce052590c43c928f

    SHA256

    5e82ffe30e655cec57b4db5b23b47d71cfe2792161295195a6af06d512562327

    SHA512

    531dfde22e4160a63ffa05ba94451b8f6be6067aa3051cf3e8dd36beaf2e45f38ef74b6b799962105defb7ec1cc9ae6ef784bfef8cfb6375541237f5f3a386e1

    Download Submit

  • /data/user/0/com.xadayamuluceti.sabixu/app_DynamicOptDex/HFhXsL.json
    Filesize

    1.5MB

    MD5

    77dea45c30ffabf3ff6688d62fc73366

    SHA1

    80b6c2bd5b759dad4a2d9ed57420f0408a6a1d5d

    SHA256

    4d53e5a2688f9b4bab76142af98524154bf3bdc5de3bf98455a8f157999edbf7

    SHA512

    4a1afdf64514215602361bb51c0eb6a505945b3764e26092ce0007a29ce5df317851af2c781d2b0d955e7e29275344fc7b1afbd25b7db20b8cfe6eed79428c30

    Download Submit