ermac | 1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d | Triage

Sharing

General

Target

1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d.bin
Size

3.3MB
Sample

230808-135vrshf3z
MD5

4ad2a756156f9d674fcb21fff2fd37ab
SHA1

5260cb40dc651def5a8c265acdbadf6230a06e83
SHA256

1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d
SHA512

58a3c08fd315a430360859a6c7a1bc90f4c943ff8802e2285c289edfeeb7540217aa64f92a3cdc65f2683a443f1dd96ef8accfea1f852ed27045e7107530e426
SSDEEP

49152:aMQHcdO/rcUbk5wX1hAqYax8sTH30OQfD4fY7DvgJXCgcuHZnOmW9ihOeS/Pu:aMQDoSeqYax3EOe7DIXCRspOP9yS/G

Score

10^/10

ermac android banker evasion infostealer ransomware stealth trojan

Malware Config

Extracted

Family

ermac

C2

http://91.213.50.62:3434

AES_key

AES_key

Targets

- Target
  
  1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d.bin
- Size
  
  3.3MB
- MD5
  
  4ad2a756156f9d674fcb21fff2fd37ab
- SHA1
  
  5260cb40dc651def5a8c265acdbadf6230a06e83
- SHA256
  
  1c310cd242a87be5cfc15ead92cbeccadd3d14de3a03fb043286ca11c8afe05d
- SHA512
  
  58a3c08fd315a430360859a6c7a1bc90f4c943ff8802e2285c289edfeeb7540217aa64f92a3cdc65f2683a443f1dd96ef8accfea1f852ed27045e7107530e426
- SSDEEP
  
  49152:aMQHcdO/rcUbk5wX1hAqYax8sTH30OQfD4fY7DvgJXCgcuHZnOmW9ihOeS/Pu:aMQDoSeqYax3EOe7DIXCRspOP9yS/G
Score

10^/10

ermac banker evasion infostealer ransomware trojan stealth
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  RobotoMono-Medium.ttf
- Size
  
  110KB
- MD5
  
  8f49b8422153814494b337d2f706a617
- SHA1
  
  87e395ada8e8229c95319fd172561948d85ddf57
- SHA256
  
  8360c5632dc12125e266a655b4f175c8590f18d92d68b29613742d2fb64510cf
- SHA512
  
  ad845f40dc65e939be33651cdae8a1a829820e4d807ae2bf2fbb5ca315dc45aec312ca61ca55abd124757fc6dc5cabde4aec81b86c61d5fa3ec2aac5c0ef9ef5
- SSDEEP
  
  3072:z/i5sxy1lOs9ILa4YgCGVYUcJc+IjRzMV:z/dozPBGVvcJc+b
Score

1^/10
behavioral4 behavioral5
- Target
  
  boost_01_effect.plist
- Size
  
  2KB
- MD5
  
  c638bc6f61497a4a2c32f62af4bd60fe
- SHA1
  
  3618e84825c6b5fa6d0d63d3e8dacca90c490fff
- SHA256
  
  d3d9dcc6da6b954049e8834661f6d2a1d3f7256928991fe08f49c5daa62a8637
- SHA512
  
  814470fac0d683a3019f004a4e0d98420c0a72dcd51dbddefbf496b7a90e25b6e8663279240ef0c2e17f141571ee923271a0e1b2ac3ca1bce2fdb46398720dd8
Score

3^/10
behavioral6 behavioral7
- Target
  
  boost_02_effect.plist
- Size
  
  2KB
- MD5
  
  f45467db6500a27f2756cdda60947df8
- SHA1
  
  2ec869aa0e2c2fc3512857ddd351609f1d53afc2
- SHA256
  
  00afe2aaca87cafe9ccebf3d45c11b9017273c94b52f6e9c3c038c3cb1c4cf4c
- SHA512
  
  6e1d9401aa92a88d92d2cb75244125c7e06b4572dd88213627bc445a0df87b23dd5c26b48fc6c8ae60f24c3d764276fc1d271fcef2876828b2106fe3e7c80347
Score

3^/10
behavioral8 behavioral9
- Target
  
  boost_03_effect.plist
- Size
  
  2KB
- MD5
  
  d122c045b6e8adcb983a09bc7a02ca71
- SHA1
  
  6a38519ac6f268c9dcbcee37cbeca327c3381c85
- SHA256
  
  8bfc68dead941eda0b73218e872d9fb31a8bfca9e448486771748316b545c60d
- SHA512
  
  0d8bbc2583e98a17362658e3535f59ddd8b012d1a12df23c63d15d3139c8bec8a93f4312aabd17ec025c9cc150a1692c413c56b53558acc6c94207c2878d9e9b
Score

3^/10
behavioral10 behavioral11
- Target
  
  boost_04_effect.plist
- Size
  
  2KB
- MD5
  
  80168c7967ce56123eaae7c1c3ec71ea
- SHA1
  
  73994ab3c4a3da5b55460ee25dcfc2f45f5f7a5a
- SHA256
  
  e1a98040443675a42fb01354aa39f74a2256b1445e0249268677f6b01bcb1639
- SHA512
  
  f32153e91355d0848bdca3082d28e6d198b8887bd5d1ccd2f3afedf9c2a2b0054fb8eaba02c01df450f4652f1d729fc9fa30150aefd74d08c036dece549511a1
Score

3^/10
behavioral12 behavioral13
- Target
  
  dragEffect.plist
- Size
  
  2KB
- MD5
  
  6de0ee2cd3360b7a56c053235c495a18
- SHA1
  
  3003297bd7e617ec83c94cbf8b7d02ef76327c61
- SHA256
  
  c7e03b52f30719841186b1f740ed584164573785bf19bc5fac46a0ac813784b7
- SHA512
  
  5d2586c94713df8fb24599c523e745a9a34c247e4028c6f51b09fe1f6e7a0338f714a322731143e2cc68c281e26bb73c1cd382fde2a43d4122c017eb7aac6f65
Score

3^/10
behavioral14 behavioral15
- Target
  
  fyb_iframe_endcard_tmpl.html
- Size
  
  521B
- MD5
  
  331ab67d131439c4c50e02a3d7445008
- SHA1
  
  675ac8d91e0a2fe211d49a8e42f20f018c4bd50c
- SHA256
  
  efdac80cdb4576d2e0d93512348e9dbdb06e69e23a1db81838dc5e40a16715d9
- SHA512
  
  eba60283d7d5562d3e27a9d5f9f382de621474796e68c4c7b8bf06fd20b081f5aa657ab58d988f40e76883eb8459e3b44f8f31f10424f6d181bffc3c28041e04
Score

1^/10
behavioral16 behavioral17
- Target
  
  fyb_static_endcard_tmpl.html
- Size
  
  3KB
- MD5
  
  d18fb1787ce0e84567496b8564e452aa
- SHA1
  
  007033d0824685600611af6992060577e127dd23
- SHA256
  
  2ae5e0576febb1a1cd63b10bf71644f99fcfd0fe7fb1f2d19525594165294e51
- SHA512
  
  ba5225a80941e3ee4ff18401b910968a6cab47634914ecb68213599b96fd4b39c8722e82bf2883faf355d9416a6f2acaa36151a5d8969079cfcd4c6795f6003b
Score

1^/10
behavioral18 behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ermacbankerevasioninfostealerransomwaretrojan

behavioral2

ermacbankerinfostealerransomwaretrojan

behavioral3

ermacbankerevasioninfostealerransomwarestealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19