ermac | e726697d7f682a6b2be61ae887b80275ca124da0350020ead46c52781bd22e39 | Triage

Submit
Reports

Overview

overview

Static

static

7

53.apk

android_x86

1

53.apk

android_x64

53.apk

android_x64

Resubmissions

13-07-2022 10:04

220713-l3xrtscgdn 8

Sharing

General

Target

53.apk
Size

2.3MB
Sample

220713-l3xrtscgdn
MD5

532976a909d2a833efb1dea9f025d63b
SHA1

6af5fc7790be9c0ff466e31dd33ace5b587d2674
SHA256

e726697d7f682a6b2be61ae887b80275ca124da0350020ead46c52781bd22e39
SHA512

83eb6c4c17715936ea8d38b7a92e73a82de91283b7acdcbe9b39aaa9bf18d33441a1f6712a9b32c1e9ee05134725e21f08dc510af387d9a6dbee59a02c7fe078

Score

10^/10

ermac android banker evasion infostealer ransomware trojan

Static task

static1

Behavioral task

behavioral1

Sample

53.apk

Resource

android-x86-arm-20220621-en

android_x86

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

53.apk

Resource

android-x64-20220621-en

ermac banker infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

53.apk

Resource

android-x64-arm64-20220621-en

ermac banker evasion infostealer ransomware trojan

android_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

ermac

AES_key

AES_key

Targets

- Target
  
  53.apk
- Size
  
  2.3MB
- MD5
  
  532976a909d2a833efb1dea9f025d63b
- SHA1
  
  6af5fc7790be9c0ff466e31dd33ace5b587d2674
- SHA256
  
  e726697d7f682a6b2be61ae887b80275ca124da0350020ead46c52781bd22e39
- SHA512
  
  83eb6c4c17715936ea8d38b7a92e73a82de91283b7acdcbe9b39aaa9bf18d33441a1f6712a9b32c1e9ee05134725e21f08dc510af387d9a6dbee59a02c7fe078
Score

10^/10

ermac banker infostealer ransomware trojan evasion
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

ermacbankerinfostealerransomwaretrojan

behavioral3

ermacbankerevasioninfostealerransomwaretrojan

© 2018-2024

Terms | Privacy