Overview

overview

10

Static

static

7

facdbaa405...19.apk

android-9-x86

10

facdbaa405...19.apk

android-10-x64

10

facdbaa405...19.apk

android-11-x64

10

template.js

windows7-x64

1

template.js

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219.bin

  • Size

    2.7MB

  • Sample

    231002-1w57ysgf92

  • MD5

    1510d4516b4944f2996fe5e6f71bb117

  • SHA1

    460e5b76846ba3d4e1d218ee06469704f7fdb9be

  • SHA256

    facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219

  • SHA512

    688852286998996b8c8e1ed010eaf1690d177c122a9f4748226c5d2d8a7f9c9a80e1db4728db1a5f44ca3c8a713397891a1176a6f8dec760a9e29ec66c4aa7af

  • SSDEEP

    49152:gwxNZUPB0zKA2g8t1gNkTyuNhCFHnrNMl2LMOOdT6yJ7sbC:gwxNZUPB0e11FTym6nrOl2LM/zybC

Score
10/10
ermachookandroidbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

AES_key

Extracted

Family

hook

AES_key

Targets

    • Target

      facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219.bin

    • Size

      2.7MB

    • MD5

      1510d4516b4944f2996fe5e6f71bb117

    • SHA1

      460e5b76846ba3d4e1d218ee06469704f7fdb9be

    • SHA256

      facdbaa40525fd2622d88e201253cba273ea779669ea04287c65d5df87866219

    • SHA512

      688852286998996b8c8e1ed010eaf1690d177c122a9f4748226c5d2d8a7f9c9a80e1db4728db1a5f44ca3c8a713397891a1176a6f8dec760a9e29ec66c4aa7af

    • SSDEEP

      49152:gwxNZUPB0zKA2g8t1gNkTyuNhCFHnrNMl2LMOOdT6yJ7sbC:gwxNZUPB0e11FTym6nrOl2LM/zybC

    Score
    10/10
    ermachookbankerevasioninfostealerransomwarerattrojan

    • Ermac

      An Android banking trojan first seen in July 2021.

      bankertrojaninfostealerermac

    • Ermac2 payload

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Makes use of the framework's Accessibility service.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

    • Target

      template.js

    • Size

      57KB

    • MD5

      3fb68e15b065d895aa6657a11b204aa3

    • SHA1

      db3259aa1e92e88ab13f81024cf307d5141a17b5

    • SHA256

      dca976f8117c8b3abdb52a650198a1fd1b505e8e4c9a743800da3fbd3d8fd4d9

    • SHA512

      cf3c645e71cd3ede2cc082c0742a74f2d1dd052fa55ca61af2ef2f64c24c82d2c336cf01eb860b95db486bb6116599dcda120f68d6dc7b11a31b0e93c3b26dae

    • SSDEEP

      768:nxACdOCgErJCtrzlCz4xnceJtU6r0iBpTkM4TuDcpdd67Kn+b5ha8HbKMLsA1Owg:nx7ZqrzligDUyXkjw4n+yktg

    Score
    1/10
    behavioral4behavioral5

MITRE ATT&CK Matrix

Tasks