ermac | f1ba0a022c9efd97840a6dd2853fd907393ea13a4200512f062aa6de7b4e514a | Triage

Sharing

General

Target

f1ba0a022c9efd97840a6dd2853fd907393ea13a4200512f062aa6de7b4e514a.bin
Size

2.8MB
Sample

240229-1w9kdadg3z
MD5

0d938686bf6169169e6aa678f9f95154
SHA1

fb690af0a6bd7ce46e08096bcafe366123cf0a3a
SHA256

f1ba0a022c9efd97840a6dd2853fd907393ea13a4200512f062aa6de7b4e514a
SHA512

d25b4a40be79bd86eb5547e8170efb041eac0e7aa92185ebefccfead83e193e5c8073b2a2ccb4fcf43ad0b3894369a3fd1e380428204440f2b8e321ae3ce8278
SSDEEP

49152:g86XQt6FU+E2O3B1My9jLwGMog8rRgaTTyXqyCFHnrN/lGojtDmIAOzt4:g7k6FhE2OTxCgRLTy6FnrJlxZmpOZ4

Score

10^/10

ermac hook android banker collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

ermac

C2

http://91.215.85.37:3434

AES_key

Extracted

Family

hook

C2

http://91.215.85.37:3434

AES_key

Targets

- Target
  
  f1ba0a022c9efd97840a6dd2853fd907393ea13a4200512f062aa6de7b4e514a.bin
- Size
  
  2.8MB
- MD5
  
  0d938686bf6169169e6aa678f9f95154
- SHA1
  
  fb690af0a6bd7ce46e08096bcafe366123cf0a3a
- SHA256
  
  f1ba0a022c9efd97840a6dd2853fd907393ea13a4200512f062aa6de7b4e514a
- SHA512
  
  d25b4a40be79bd86eb5547e8170efb041eac0e7aa92185ebefccfead83e193e5c8073b2a2ccb4fcf43ad0b3894369a3fd1e380428204440f2b8e321ae3ce8278
- SSDEEP
  
  49152:g86XQt6FU+E2O3B1My9jLwGMog8rRgaTTyXqyCFHnrN/lGojtDmIAOzt4:g7k6FhE2OTxCgRLTy6FnrJlxZmpOZ4
Score

10^/10

ermac hook banker collection evasion infostealer rat trojan discovery
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Ermac2 payload
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Checks Android system properties for emulator presence.
  evasion
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
  evasion
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Download New Code at Runtime

Input Injection

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

ermachookbankercollectionevasioninfostealerrattrojan

behavioral2

ermachookbankercollectiondiscoveryevasioninfostealerrattrojan

behavioral3

ermachookbankercollectiondiscoveryevasioninfostealerrattrojan