ermac | 9eceb9cfa14c5f82cf31bdced380faec9bf35060defe355c066e1acb36ba66ea | Triage

Submit
Reports

Overview

overview

Static

static

7

psk.apk

android_x86

psk.apk

android_x64

psk.apk

android_x64

Sharing

General

Target

psk.apk
Size

2.0MB
Sample

220505-jzd47sffc6
MD5

26bbb10b28f49e3f0802e515b80b433c
SHA1

e92586db0d1e1699baba2de748562d11b2177380
SHA256

9eceb9cfa14c5f82cf31bdced380faec9bf35060defe355c066e1acb36ba66ea
SHA512

1febd124383efddad324b0cc6f0ce73fd231f0e8bcc85e076622533a66d30b3a86505acb079cce77d258f155ccc8522c645da49f5bd90cf2cc15d20560166ac0

Score

10^/10

ermac android banker evasion infostealer ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

psk.apk

Resource

android-x86-arm-20220310-en

ermac banker evasion infostealer ransomware trojan

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

psk.apk

Resource

android-x64-20220310-en

ermac banker infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

psk.apk

Resource

android-x64-arm64-20220310-en

ermac banker evasion infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.118:3434

AES_key

1
736f73695f736f7369736f6e5f5f5f5f

AES_key

1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Targets

- Target
  
  psk.apk
- Size
  
  2.0MB
- MD5
  
  26bbb10b28f49e3f0802e515b80b433c
- SHA1
  
  e92586db0d1e1699baba2de748562d11b2177380
- SHA256
  
  9eceb9cfa14c5f82cf31bdced380faec9bf35060defe355c066e1acb36ba66ea
- SHA512
  
  1febd124383efddad324b0cc6f0ce73fd231f0e8bcc85e076622533a66d30b3a86505acb079cce77d258f155ccc8522c645da49f5bd90cf2cc15d20560166ac0
Score

10^/10

ermac banker evasion infostealer ransomware trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ermacbankerevasioninfostealerransomwaretrojan

behavioral2

ermacbankerinfostealerransomwaretrojan

behavioral3

ermacbankerevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.