Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    android-9_x86
  • resource
    android-x86-arm-20240910-en
  • resource tags

    arch:arm, arch:x86, image:android-x86-arm-20240910-en, locale:en-us, os:android-9-x86, system
  • submitted
    23-10-2024 17:57

General

  • Target

    com.hermes.superb.booster.apk

  • Size

    2.5MB

  • MD5

    bb818155f8c88a2883d52a1b1dd78e81

  • SHA1

    d21ddf05ee1ebdd4972f24759448bf890b0364f7

  • SHA256

    fbd1f055d71e7de66e09e83deba4c33ba61c91ab096c0939a157123309a9c49a

  • SHA512

    ffde8074ce8db61b04bba996addaa7647be7d0a5074719ecb0712784b48b20f792274aa4c72141cfe7a46345b3cc8889fe009a626de606a951eca3ef5cf3e0b5

  • SSDEEP

    49152:5d8DY7ANnHx+7g+vKVJwyAnhCf3YtE2RRwLuix1FVFkiMj94pnmJoHP:4WANnHx/+RymhCsE205Y/9gnmJov

Malware Config

Signatures

  • Checks if the Android device is rooted. 1 TTPs 9 IoCs
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Queries account information for other applications stored on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect account information stored on the device.

  • Queries information about active data network 1 TTPs 3 IoCs
  • Queries information about the current Wi-Fi connection 1 TTPs 2 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 4 IoCs
  • Reads information about phone network operator. 1 TTPs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 4 IoCs
  • Checks CPU information 2 TTPs 2 IoCs
  • Checks memory information 2 TTPs 4 IoCs

Processes

  • com.hermes.superb.booster
    1⤵
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4298
  • com.hermes.superb.booster.monitor
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4334
  • com.hermes.superb.booster.monitor
    1⤵
    • Checks if the Android device is rooted.
    • Queries account information for other applications stored on the device
    • Queries information about active data network
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks CPU information
    • Checks memory information
    PID:4618
  • com.hermes.superb.booster.monitor
    1⤵
    • Checks if the Android device is rooted.
    • Queries information about active data network
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Checks memory information
    PID:4796

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.hermes.superb.booster/databases/mobvista.adn.sdk.m.db

    Filesize

    16KB

    MD5

    86ad3daea9aeb5aa04bc63b233bbba7c

    SHA1

    bed20c545abdc8cf340b84d8be778c86d0c57fe0

    SHA256

    0ed0b5821e7d0c8a45f48c95b7d90078ae6f47d7f3b69a53014b43bf32335e92

    SHA512

    518af7b33d4f1febd799a8e9e54b1823ab216201dcfc6b3e8ba2b1ab96fe45298678ed5b0c02c7666bbd98381d52e03c27d85e9838245df794177c3257843eff

  • /data/data/com.hermes.superb.booster/databases/mobvista.adn.sdk.m.db-journal

    Filesize

    4KB

    MD5

    8a0e4894aaf44d4ec251273550bf1f43

    SHA1

    7494093d3dfc5e91f1391677c8b1e33e0d06718b

    SHA256

    8a8d61a2dfdb172c01e038d04c1c74864b35af9d363799c9f7eb490c11682815

    SHA512

    39c87f8ccbf205b97a9b7693963a9a47ba9647e1fa3cdfa8d5d4bb2461f1eaf80891fb49d72fd73579b3f0484c1386e922c55d962599a9a9b8d978bcff1ac0b2

  • /data/data/com.hermes.superb.booster/databases/mobvista.adn.sdk.m.db-shm

    Filesize

    164KB

    MD5

    ada571d388ed5f5908be40cc89a273da

    SHA1

    1848dd50633948d579f6ab65c064d7cca0a93fa7

    SHA256

    ade0cdf77b4f8e1ca6f2d809d682c734ef885919a25ca3df73e5adc294b66380

    SHA512

    88c03cff1d39bedccd08a9d30075962c3e352d1f0900a49781094cc59761e4d7a9419659c291d36cadec0c93c4e8bd80f3d27455d1a2059ed030a11d02de2869

  • /data/data/com.hermes.superb.booster/databases/mobvista.adn.sdk.m.db-wal

    Filesize

    48KB

    MD5

    865e9d243993841ed0eba4a61dcf8c94

    SHA1

    bd42aa4d2aa8220e07af6471e550784ee3ae32ac

    SHA256

    f91f4cd7f98275b21e4e2d2a1644d51398b0175e99b3912fb567a1a2a730b224

    SHA512

    aa3210db8e3f9833e2e73a95b47eaffc2895ba68747e2783cd7dba01a54d13eaade0f3ad7c9c0c11b640f7c78f7cecda9991491143d0c5057aa67fb280fe1937

  • /data/data/com.hermes.superb.booster/files/daemon

    Filesize

    39KB

    MD5

    e7ad849f886c82e29a06e2a1f227672f

    SHA1

    48d90ed98ff0d428ebcd179745bc704ce94816d7

    SHA256

    4fe979a252a71660ce7abee34609aa320c9fe619413edb7ad40431610af08a4e

    SHA512

    f13c6cbc8e30a87be7f900f2dc49f1a208532f58b4d492252d30ce4afee62b2c6b8da236b52e91da606d24a556b497baf7a57067feec5f3ff06a125965fe6289

  • /storage/emulated/0/Android/data/system/drivers/1ec9ff196581a657/lut

    Filesize

    40B

    MD5

    0f5e41f58349464d7c009901e185b1e9

    SHA1

    2d106fe767a0b93c5fed4dd547800c53c2bc0a19

    SHA256

    ba9da751e3ace08080edda7bd4a72d6e0922dd04235f0bb5b405caa5938e3edb

    SHA512

    3556776928797de26f79834490a489d368ab2560cdae6f94c3bdd4d916bcf0abd1497b58f82b8a15b3118383e385d643020ddfa715eb3043bab1ee3005d84cbe