ermac | 9b5905a253141d4f64394de73775541a7bb16714cff8d18684e24ae887c97fc2 | Triage

Submit
Reports

Overview

overview

Static

static

7

495a0621b2...17.apk

android-9-x86

495a0621b2...17.apk

android-10-x64

495a0621b2...17.apk

android-11-x64

Resubmissions

15-05-2023 08:47

230515-kp5d3sfe45 10

12-05-2023 04:56

230512-fkpqlsbg86 10

Sharing

General

Target

495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.zip
Size

3.7MB
Sample

230512-fkpqlsbg86
MD5

791cfcd67eeafbda2ed887c7b7063ac8
SHA1

b1b4d58baf90feec78e61180c49e3332e0a668c9
SHA256

9b5905a253141d4f64394de73775541a7bb16714cff8d18684e24ae887c97fc2
SHA512

0875974f09be800df80f5674fe0d7c7143f3b7dd5c4c043338d26f25bc9f8b264fffec7f02fa7ed8074f35a9cfc3cacca0df24a845722298f1e0b3c12b1f3c03
SSDEEP

98304:P0mEG9Yh6AK4wk/KZjP+32YmGPhJxjGIr/D27z:smVih60PSlPrLGPrrG

Score

10^/10

ermac android banker evasion infostealer ransomware trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk

Resource

android-x86-arm-20220823-en

ermac banker evasion infostealer ransomware trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk

Resource

android-x64-20220823-en

ermac banker infostealer ransomware trojan

android-10-x64

5 signatures

150 seconds

Behavioral task

behavioral3

Sample

495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk

Resource

android-x64-arm64-20220823-en

ermac banker evasion infostealer ransomware trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

ermac

Blowfish_key

AES_key

Targets

- Target
  
  495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617
- Size
  
  3.7MB
- MD5
  
  a88a497b3ae6bb84209cac0906df61a7
- SHA1
  
  fd80903a98e187bc841a0aabe04528cc1654b8ee
- SHA256
  
  495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617
- SHA512
  
  684e5ea64375791c2195dd1459d868e6ed2d40ab376b5477e0964c43a4eccc57aab66ce08a55eddb51d1edc6503cf12c9c7ab7f27eb815105ec4ec31ecff5d7a
- SSDEEP
  
  49152:4GXx4KE5XqsZKV0dw8zbn3A9/HKu84zXYenCh4ebzds31j/D0NcxZBD5I:cz5XqsZDnwxnXYenUP/dsOyxrD+
Score

10^/10

ermac banker evasion infostealer ransomware trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac payload
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ermacbankerevasioninfostealerransomwaretrojan

behavioral2

ermacbankerinfostealerransomwaretrojan

behavioral3

ermacbankerevasioninfostealerransomwaretrojan

© 2018-2025

Terms | Privacy