General

  • Target

    googlemap.apk

  • Size

    2.3MB

  • Sample

    220803-j5ctbshab3

  • MD5

    19b095b01318ad679f5ff1d06ce143db

  • SHA1

    e3dd97d403a9585ea0653f4134e4e5db4e5f6207

  • SHA256

    cdf66b98f90a9e83b204bf2bb28915784f9e9ad4d2fb86648d1d1f7d3152dadd

  • SHA512

    343126f50ab14194c63ec3be40b4d792bb9af0db43250f9f6baf92bc04356701352624693cd775f3c8051bc7282274defb1047790e4bec1492b53326c662cbb7

Malware Config

Extracted

Family

ermac

AES_key
AES_key

Targets

    • Target

      googlemap.apk

    • Size

      2.3MB

    • MD5

      19b095b01318ad679f5ff1d06ce143db

    • SHA1

      e3dd97d403a9585ea0653f4134e4e5db4e5f6207

    • SHA256

      cdf66b98f90a9e83b204bf2bb28915784f9e9ad4d2fb86648d1d1f7d3152dadd

    • SHA512

      343126f50ab14194c63ec3be40b4d792bb9af0db43250f9f6baf92bc04356701352624693cd775f3c8051bc7282274defb1047790e4bec1492b53326c662cbb7

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Ermac2 payload

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Queries the unique device ID (IMEI, MEID, IMSI).

    • Reads information about phone network operator.

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks