ermac | d2989bc4c7ab5aa272bd2249dcf99462c7836b8bbb752bb4dade2ef70e92b03e | Triage

Analysis

max time kernel
2013833s
max time network
155s
platform
android_x64
resource
android-x64-arm64
submitted
20-01-2022 15:03

Sharing

Report Analysis Logs

General

Target

d2989bc4c7ab5aa272bd2249dcf99462c7836b8bbb752bb4dade2ef70e92b03e.apk
Size

3.8MB
MD5

16835e5da40cd90420d42b8fc3eaeafe
SHA1

e98c3c3d2c8f57fb7279abdb987219cf7529817e
SHA256

d2989bc4c7ab5aa272bd2249dcf99462c7836b8bbb752bb4dade2ef70e92b03e
SHA512

f69305f0c9d6d5e4fd6451ffa00a6d6f0a99028d8af228f57dff85b4b7324f5c838232c6771d4003d6eb189cb5aadc6469776a43bc816b6e9ac8f9685a1dd5d5

Score

10^/10

ermac banker infostealer ransomware trojan

Malware Config

Signatures

Ermac
An android banking trojan first seen in July 2021.
banker trojan infostealer ermac

Ermac Payload 1 IoCs

resource	yara_rule
behavioral1/memory/6305-0.dex	family_ermac

Makes use of the framework's Accessibility service. 1 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.ptiivfhykvrxrakc.sbtf

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.ptiivfhykvrxrakc.sbtf/fqqfeeujjo/uiamwjhkbfhviul/base.apk.ezpsnak1.rad	6305	com.ptiivfhykvrxrakc.sbtf

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.ptiivfhykvrxrakc.sbtf

com.ptiivfhykvrxrakc.sbtf
1⤵
- Makes use of the framework's Accessibility service.
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:6305

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads