ermac | d0bd0179f03a876c737ba57de15ceca3717bbf2f73617376319769d211d0ae06 | Triage

Sharing

General

Target

d0bd0179f03a876c737ba57de15ceca3717bbf2f73617376319769d211d0ae06.bin
Size

3.3MB
Sample

230825-1x5mtafa29
MD5

6a32e3b466cda9dfffb5bceaa83875be
SHA1

69417f7b813b231e4e9607b193de1e645299fa12
SHA256

d0bd0179f03a876c737ba57de15ceca3717bbf2f73617376319769d211d0ae06
SHA512

5a88273c2993f1d9fa4e4035b2eaf79946a0d71cba5490c8462fedfa505df42e04283e3ed0f845cc1cfb4064cbab9b457c803e992712ae67ce09f7b01f976bfb
SSDEEP

98304:NBucE+sbwTiygFyNUqjfR577QRhKlwUvN:yPwOpsbrP7QcXN

Score

10^/10

ermac android banker evasion infostealer ransomware stealth trojan

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.148:3434

AES_key

AES_key

Targets

- Target
  
  d0bd0179f03a876c737ba57de15ceca3717bbf2f73617376319769d211d0ae06.bin
- Size
  
  3.3MB
- MD5
  
  6a32e3b466cda9dfffb5bceaa83875be
- SHA1
  
  69417f7b813b231e4e9607b193de1e645299fa12
- SHA256
  
  d0bd0179f03a876c737ba57de15ceca3717bbf2f73617376319769d211d0ae06
- SHA512
  
  5a88273c2993f1d9fa4e4035b2eaf79946a0d71cba5490c8462fedfa505df42e04283e3ed0f845cc1cfb4064cbab9b457c803e992712ae67ce09f7b01f976bfb
- SSDEEP
  
  98304:NBucE+sbwTiygFyNUqjfR577QRhKlwUvN:yPwOpsbrP7QcXN
Score

10^/10

ermac banker evasion infostealer ransomware stealth trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Queries the unique device ID (IMEI, MEID, IMSI).
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  arkose_captcha_index_v2.html
- Size
  
  3KB
- MD5
  
  914e8ed2c1d89e7d8bbd8af5f20625ce
- SHA1
  
  056a218be06c42a98c48d0af2eb8352e82ffee16
- SHA256
  
  3ff7a3880c696146c89535d3b32a825f6c82acefcbb9a053bd325e8dbe8c6f39
- SHA512
  
  a7a087bc0f4ea091a3cf13c042c3c8a6f271252558e132479d32d8548e9a7fa005e2f2e91f4f682cca27299018d94d95622cf511b605fc6aa6075df26c36a49b
Score

1^/10
behavioral4 behavioral5
- Target
  
  extension_container.html
- Size
  
  481B
- MD5
  
  f3fb5f75f9801e295a8ed3e7bfaf351f
- SHA1
  
  5ca9beb0377e1e22e42a02a31250b634de05c74b
- SHA256
  
  c2c901365fd0d0cb11c7ab39796f4404ba4d9fa2d6254b1bc6c6650c651eb4df
- SHA512
  
  ad77b1e687329c24d810ca37d91f1cd99608fc224d59efec2dae18fac60c9ace4e2eda300493f4cf3d14f746736cafba955447296963eaea83dc9406b95e48f2
Score

1^/10
behavioral6 behavioral7
- Target
  
  license.htm
- Size
  
  6KB
- MD5
  
  407f13382c8d7a039a9eaef44f79642e
- SHA1
  
  d16f70c6d1703efc33823ab385ceabd8447ac1bc
- SHA256
  
  657c157f78e360d37e2485f6245b4f87789ece5a2b150a4f4fe9fead0c6facd3
- SHA512
  
  213e32e5f04199153ad3702e8706b0399fdb8c683a47dfbde7dce8a91ef7786c7d43830eeaf5d03fade136a74ca0908eabd797be806d15c106a2e070579ada9c
- SSDEEP
  
  96:27r6shoCs4pHbHF0cRKKxUREEQAk5cVB54x/XHFCWFJYJzzTF3G3zVHCU:DsmQHbHxRKKME6FWXHZLsXTF3G3BCU
Score

1^/10
behavioral8 behavioral9
- Target
  
  mm.js
- Size
  
  37KB
- MD5
  
  2de607e1c373cd3928934b23d2931292
- SHA1
  
  737a753ee060c559135e28b72206ced136ba4d03
- SHA256
  
  7b698d400040bfb408bcf7f25648d8563efa677b595fd1c126b0eb28a8b142f0
- SHA512
  
  fec9e1a94bd454f23050ff67a1631913bed6cf25487952783c531fad7cbc1ef333a76557d08bab7a8001582694ce5fd3385bfa8e0555e266a6ac08d8c1266e0a
- SSDEEP
  
  384:7NeICibDI94OMKwxcGCuTcAeAgX2GJiEM1itiQAAApD:7IIrbRKwxcGCuIX/iQs
Score

1^/10
behavioral10 behavioral11
- Target
  
  playstore.htm
- Size
  
  4KB
- MD5
  
  b5761ec7f4412406c8f521379cbfe466
- SHA1
  
  621c6720da697ab81116bfdd6bf81d1c8ad5e7a1
- SHA256
  
  27b9dbf27f7d81fc3cb84c6b3b2430a14fcf78d82d351d38b92dd18537f0bc26
- SHA512
  
  e4115829d744cfe44891eb753c4b2ef042d6d5397e5138899ddcfbf9f5a7ac84f2a47af3ca496e11505ca501b8ccadd51b276adafa42d709525b337049d7ed4d
- SSDEEP
  
  48:mB79CNoW1ii1n8BfDaqDUMmckWmk1ZVEsMToZtME1NOar5McIp9AMF3Y:mB79C2WT16DaqAMv5ZxoMMUbMrHBFI
Score

1^/10
behavioral12 behavioral13
- Target
  
  totalcmd_datenschutzerklaerung.htm
- Size
  
  3KB
- MD5
  
  41cb1edf3388232ed16c7827671b6437
- SHA1
  
  0f48049463f07cbd9da8a8c32431e3cd398dec2f
- SHA256
  
  d4e95c717f4af725ace14cdcf249171f842186b56c365c9897c5f273ad41af57
- SHA512
  
  0c649466d7af3ea3c3985b94f44b5d689fab96226c7667fe798727faabe798edb92cbf8abcc67ec559377da7250c19fc15a116d09e3521c0445d2ee66585fd63
Score

1^/10
behavioral14 behavioral15
- Target
  
  totalcmd_privacy_policy.htm
- Size
  
  3KB
- MD5
  
  f5bd54f89d624a56a0368d1bf532c60b
- SHA1
  
  6fdb247506d811132bc5b51ffc1d82afeb6e72b4
- SHA256
  
  eb87dd5ca31a26b9d8a8bc650c324b49027d38242ffc71a89b04e0aae8b4cb4b
- SHA512
  
  8dc96be4781bb08b1dcbc3205f59eac592285e98a349a330301ab32e81a25beebd9224880215c62e431d9926c7ed0433e886b61730ada1012ca2f907fcceb263
Score

1^/10
behavioral16 behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ermacbankerevasioninfostealerransomwarestealthtrojan

behavioral2

ermacbankerevasioninfostealerransomwarestealthtrojan

behavioral3

ermacbankerevasioninfostealerransomwarestealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17