Overview

overview

10

Static

static

10

73574e74b7...c0.apk

android-9-x86

10

73574e74b7...c0.apk

android-10-x64

10

73574e74b7...c0.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73574e74b7ed1a28073c056e2836ba06a9b98d7a327d9240ffc4b42832d21fc0.bin

  • Size

    1.3MB

  • Sample

    240222-1xnz3aga49

  • MD5

    1cc70ee6537c378ceedb4852a223eeae

  • SHA1

    8f651b729ebad19ef6f2befebf5fe2800344682a

  • SHA256

    73574e74b7ed1a28073c056e2836ba06a9b98d7a327d9240ffc4b42832d21fc0

  • SHA512

    6a4d7d1014275fb0d90e69a58ca27c830faa885a695a5523418d245c5427f5fbf33629c9c60581f83497caad812f931c3e81b0b07588018e73b607375dda7de9

  • SSDEEP

    24576:2+AHBgwK+SfMPLhZU4fyHu+c5+SiW+IB96XW9Oyir:b2ZuMzhK4feHSir

Score
10/10
ermacandroidbankercollectiondiscoveryevasioninfostealerstealthtrojan

Malware Config

Extracted

Family

ermac

C2

http://77.105.132.32:3434

AES_key
AES_key

Targets

    • Target

      73574e74b7ed1a28073c056e2836ba06a9b98d7a327d9240ffc4b42832d21fc0.bin

    • Size

      1.3MB

    • MD5

      1cc70ee6537c378ceedb4852a223eeae

    • SHA1

      8f651b729ebad19ef6f2befebf5fe2800344682a

    • SHA256

      73574e74b7ed1a28073c056e2836ba06a9b98d7a327d9240ffc4b42832d21fc0

    • SHA512

      6a4d7d1014275fb0d90e69a58ca27c830faa885a695a5523418d245c5427f5fbf33629c9c60581f83497caad812f931c3e81b0b07588018e73b607375dda7de9

    • SSDEEP

      24576:2+AHBgwK+SfMPLhZU4fyHu+c5+SiW+IB96XW9Oyir:b2ZuMzhK4feHSir

    Score
    10/10
    ermacbankercollectionevasioninfostealerstealthtrojandiscovery

    • Ermac

      An Android banking trojan first seen in July 2021.

      bankertrojaninfostealerermac

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasion

    • Removes its main activity from the application launcher

      stealthtrojan

    • Acquires the wake lock

    • Queries the unique device ID (IMEI, MEID, IMSI)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

      evasion
    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v15

Tasks