ermac | 2a2160d2e66f21b096c25385a9096dfa03162dd0a0bfc84e753848a442cec08e | Triage

Submit
Reports

Overview

overview

Static

static

6

9d36f9ad8d...30.apk

android-9-x86

9d36f9ad8d...30.apk

android-10-x64

9d36f9ad8d...30.apk

android-11-x64

Sharing

General

Target

13560653988.zip
Size

1.7MB
Sample

231215-2ga9pshefp
MD5

f13f91cf2b04a5ff0604e549695a4e07
SHA1

3f818a2bc873841bceacef573396e4439b5c91ed
SHA256

2a2160d2e66f21b096c25385a9096dfa03162dd0a0bfc84e753848a442cec08e
SHA512

cdab59920127652d6a03bef5c9e53300e743fceb4920de08e19814d084f516b9a28805586f93263301c8273191cbe5232c383f75a1cd489f1320fc7516ff0c87
SSDEEP

49152:uJQgf42kwb9GcRhxKU0He8GPnmVUlEwrdSoUFCH:mf42kw0IxK9HelmVkuFM

Score

10^/10

ermac android banker evasion infostealer stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630.apk

Resource

android-x86-arm-20231215-en

ermac banker evasion infostealer stealth trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630.apk

Resource

android-x64-20231215-en

ermac banker infostealer stealth trojan

android-10-x64

9 signatures

150 seconds

Behavioral task

behavioral3

Sample

9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630.apk

Resource

android-x64-arm64-20231215-en

ermac banker evasion infostealer stealth trojan

android-11-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

ermac

C2

http://193.106.191.148:3434

AES_key

AES_key

Targets

- Target
  
  9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630
- Size
  
  2.0MB
- MD5
  
  38cb19ae295884c433d292d25e41dc99
- SHA1
  
  9bbbf3a73b5ddf767a8fd7843677d96275296294
- SHA256
  
  9d36f9ad8dbc04ee626aea6edf2b0e01bb28b08ec3dbfec2b65c123080512630
- SHA512
  
  bdaffbf5d961547742fbaa21400a53a50a70f68a2fc6161815450208ccf6831c7e67f796c3692d3b5e19eade252fa845a21073554768219ab5f4a0dc63952431
- SSDEEP
  
  24576:B3RCvyd5u/3dxMzMKrH0/+eS4fQu5UYJH8TyMMVb7t8bBJV90IMCTZfwMp8rQTTD:B3Qyd8Vx1+b4fwtd7p8STD
Score

10^/10

ermac banker evasion infostealer stealth trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Removes its main activity from the application launcher
  stealth trojan
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ermacbankerevasioninfostealerstealthtrojan

behavioral2

ermacbankerinfostealerstealthtrojan

behavioral3

ermacbankerevasioninfostealerstealthtrojan

© 2018-2025

Terms | Privacy