ermac | e0d2b13e45213bbb392b8ac873879afb87ec89155b8234c61facbe060acb2fd0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

7

3fc0ef6653...df.apk

android-9-x86

1

3fc0ef6653...df.apk

android-10-x64

7

3fc0ef6653...df.apk

android-11-x64

Sharing

General

Target

3fc0ef665382cc3a2c23100625a1fedf.apk
Size

3.6MB
Sample

220821-h3g5laeedl
MD5

3fc0ef665382cc3a2c23100625a1fedf
SHA1

b39fc47f0eb2d862a2b79ea3a88e0a8f46e6858d
SHA256

e0d2b13e45213bbb392b8ac873879afb87ec89155b8234c61facbe060acb2fd0
SHA512

c589240e0eea1a938a699be40be87b6b2c9f665494187be35b657ac95eb1d9fae4938eac26acfeae4324912a01c7eb84e3c358c84e0c934b0d9289b1e72ea17a
SSDEEP

98304:mT+bUWnEptRTXkOTAZJqpCp3w/HpkEac4huDtP42BqjkT:BZnE4OO3UJkEa7hcpqY

Score

10^/10

ermac android banker evasion infostealer ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3fc0ef665382cc3a2c23100625a1fedf.apk

Resource

android-x86-arm-20220621-en

android-9-x86

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

3fc0ef665382cc3a2c23100625a1fedf.apk

Resource

android-x64-20220621-en

android-10-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

3fc0ef665382cc3a2c23100625a1fedf.apk

Resource

android-x64-arm64-20220621-en

ermac banker evasion infostealer ransomware trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

ermac

C2

http://62.204.41.98:3434

AES_key

1
736f73695f736f7369736f6e5f5f5f5f

AES_key

1
3141317a5031655035514765666932444d505466544c35534c6d763744697666

Targets

- Target
  
  3fc0ef665382cc3a2c23100625a1fedf.apk
- Size
  
  3.6MB
- MD5
  
  3fc0ef665382cc3a2c23100625a1fedf
- SHA1
  
  b39fc47f0eb2d862a2b79ea3a88e0a8f46e6858d
- SHA256
  
  e0d2b13e45213bbb392b8ac873879afb87ec89155b8234c61facbe060acb2fd0
- SHA512
  
  c589240e0eea1a938a699be40be87b6b2c9f665494187be35b657ac95eb1d9fae4938eac26acfeae4324912a01c7eb84e3c358c84e0c934b0d9289b1e72ea17a
- SSDEEP
  
  98304:mT+bUWnEptRTXkOTAZJqpCp3w/HpkEac4huDtP42BqjkT:BZnE4OO3UJkEa7hcpqY
Score

10^/10

ransomware ermac banker evasion infostealer trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

ermacbankerevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.