Overview

overview

10

Static

static

7

0399d5868f...37.apk

android-9-x86

10

0399d5868f...37.apk

android-10-x64

10

0399d5868f...37.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10016735019.zip

  • Size

    2.5MB

  • Sample

    230412-s7bhqadb94

  • MD5

    d87cf5a16f4065c8bbd0f2a04595828b

  • SHA1

    032ab09f4fe5c63bdd638a9464072b4b3c1f77ab

  • SHA256

    1746fe4d9b29130f3ad84b9d81b1d20619aba6da0835ede5c9c31f95f325125c

  • SHA512

    1b96f36a068b37029565f72cce5a4e8c528dce2f95f9626b554f86e349e8b1aa9cd0ab2bdab28f092a6cc55d544aafd6776ecf3aacd60fafcf011106914d0670

  • SSDEEP

    49152:yCkyzKRntMd+iDMOK6FeBV8o2TBE2WBs6Vn7owoS8ZoYPRyVb37oeINSzz5fzpq:RJzstMYig6oV8ddE2Osu7uPRub3UeDzW

Score
10/10
ermachookandroidbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

C2

http://91.215.85.37:3434

AES_key

Extracted

Family

hook

C2

http://91.215.85.37:3434

AES_key

Targets

    • Target

      0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37

    • Size

      2.8MB

    • MD5

      82adeeff58343441db34ff548c7c1e57

    • SHA1

      c1c6555126e509f7797d9b3bd7b28e82c04c2de6

    • SHA256

      0399d5868f1c7ace8585daba2b93d794a19dd354f95a2c5ae0bc870237c9eb37

    • SHA512

      c3a2cff7ebfd7a0b43fe705fbeb1cee11cff43ab91c6320c7d5b6bab8d835d9c0d74e69dc552e4632a2e288b25b88663c0390d202ada762ada70c8c97bbd323e

    • SSDEEP

      49152:0PDiW/t1GkT49g89ZvY85W3/9+BfHTA3s2NpgInk:0PDt/t1GQkY85PBfHTA3syKInk

    Score
    10/10
    ermachookbankerevasioninfostealerransomwarerattrojan

    • Ermac

      An Android banking trojan first seen in July 2021.

      bankertrojaninfostealerermac

    • Ermac2 payload

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks