Overview

overview

10

Static

static

7

bb0af025c7...86.apk

android-9-x86

10

bb0af025c7...86.apk

android-10-x64

10

bb0af025c7...86.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bb0af025c7d8c9b5245c913c9b037633ec19f173bbb1b7800331a16e05eb5e86.bin

  • Size

    1.5MB

  • Sample

    231109-1zvwdsga94

  • MD5

    ebf124b4b3abec5f671c787169fd6985

  • SHA1

    ea36903b6fb393b140c7019a44510f0603cccf94

  • SHA256

    bb0af025c7d8c9b5245c913c9b037633ec19f173bbb1b7800331a16e05eb5e86

  • SHA512

    1e505acf2c544f8466e9ec5ad9643e0e976acaf097398ff94e016584829222b0bcc1d3bba911def843c75e4369af8e03351e0f04f8f64bace7a523f8078b30a6

  • SSDEEP

    24576:2K/v23xqjeG+54+eS/j1wGkwSQV6jZe54fwyMIue7k6gggSBzf:tW30jd+54+lmZU6F+diVgggSFf

Score
10/10
ermachookandroidbankerevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

ermac

C2

http://85.209.176.47:3434

AES_key

Extracted

Family

hook

C2

http://85.209.176.47:3434

AES_key

Targets

    • Target

      bb0af025c7d8c9b5245c913c9b037633ec19f173bbb1b7800331a16e05eb5e86.bin

    • Size

      1.5MB

    • MD5

      ebf124b4b3abec5f671c787169fd6985

    • SHA1

      ea36903b6fb393b140c7019a44510f0603cccf94

    • SHA256

      bb0af025c7d8c9b5245c913c9b037633ec19f173bbb1b7800331a16e05eb5e86

    • SHA512

      1e505acf2c544f8466e9ec5ad9643e0e976acaf097398ff94e016584829222b0bcc1d3bba911def843c75e4369af8e03351e0f04f8f64bace7a523f8078b30a6

    • SSDEEP

      24576:2K/v23xqjeG+54+eS/j1wGkwSQV6jZe54fwyMIue7k6gggSBzf:tW30jd+54+lmZU6F+diVgggSFf

    Score
    10/10
    ermachookbankerinfostealerransomwarerattrojanevasion

    • Ermac

      An Android banking trojan first seen in July 2021.

      bankertrojaninfostealerermac

    • Ermac2 payload

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).

      banker

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Removes a system notification.

      evasion

    • Uses Crypto APIs (Might try to encrypt user data).

      ransomware
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix

Tasks