ermac | 0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808 | Triage

Sharing

General

Target

4d291ffddce396d078d16f10c35d5e2e.apk
Size

3.6MB
Sample

220821-h6sqhahbe9
MD5

4d291ffddce396d078d16f10c35d5e2e
SHA1

1d9727aaf55191c9876e7c4b376dc2a6dd027a06
SHA256

0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808
SHA512

1157293368632554da526e7795b1761877333e9d8eba34ccb21a45305aa88d58781ab42e5a7dfcd279ed23cc6317c6edf0609a175927551919ef60994da02452
SSDEEP

98304:cN6uQZn8I4hoe+t+wgBxtxvAoJ+g2EtoAO2:cEcoft7kL1AdEtoA7

Score

10^/10

ermac android banker evasion infostealer ransomware trojan

Malware Config

Extracted

Family

ermac

C2

http://62.204.41.98:3434

AES_key

AES_key

Targets

- Target
  
  4d291ffddce396d078d16f10c35d5e2e.apk
- Size
  
  3.6MB
- MD5
  
  4d291ffddce396d078d16f10c35d5e2e
- SHA1
  
  1d9727aaf55191c9876e7c4b376dc2a6dd027a06
- SHA256
  
  0892942b07717a4fdef6639d02c56ce6ddb8e599529d299facaeda1c0cb16808
- SHA512
  
  1157293368632554da526e7795b1761877333e9d8eba34ccb21a45305aa88d58781ab42e5a7dfcd279ed23cc6317c6edf0609a175927551919ef60994da02452
- SSDEEP
  
  98304:cN6uQZn8I4hoe+t+wgBxtxvAoJ+g2EtoAO2:cEcoft7kL1AdEtoA7
Score

10^/10

ermac banker evasion infostealer ransomware trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ermacbankerevasioninfostealerransomwaretrojan

behavioral2

behavioral3