ermac | 81129de12457aad24b1098dc12ef060a965f49dd126c73d90f5d1742d2b535a6 | Triage

Sharing

General

Target

81129de12457aad24b1098dc12ef060a965f49dd126c73d90f5d1742d2b535a6.bin
Size

1.1MB
Sample

240305-11774sah4v
MD5

36ef736c457775316f0d9e168e06243a
SHA1

5959a63c275a89e55929f7961add65b6722dfba1
SHA256

81129de12457aad24b1098dc12ef060a965f49dd126c73d90f5d1742d2b535a6
SHA512

9236590a302ff9c5210e571f9f603266028e4e50b6c927b8f9af001f328537bb1ef77746b101be9991c7da34a44e8955c63f02d4e6cf91f1b6740b31e6d8950e
SSDEEP

24576:hdW1FAy9OYOkqVTUfp9CjzD0gg/wm2slNkA70ml9zV6G:a1FAy9OYOkoUzC3ng//tNRf

Score

10^/10

ermac android banker collection discovery evasion infostealer stealth trojan

Malware Config

Extracted

Family

ermac

C2

http://20.77.71.31:3434

AES_key

AES_key

Targets

- Target
  
  81129de12457aad24b1098dc12ef060a965f49dd126c73d90f5d1742d2b535a6.bin
- Size
  
  1.1MB
- MD5
  
  36ef736c457775316f0d9e168e06243a
- SHA1
  
  5959a63c275a89e55929f7961add65b6722dfba1
- SHA256
  
  81129de12457aad24b1098dc12ef060a965f49dd126c73d90f5d1742d2b535a6
- SHA512
  
  9236590a302ff9c5210e571f9f603266028e4e50b6c927b8f9af001f328537bb1ef77746b101be9991c7da34a44e8955c63f02d4e6cf91f1b6740b31e6d8950e
- SSDEEP
  
  24576:hdW1FAy9OYOkqVTUfp9CjzD0gg/wm2slNkA70ml9zV6G:a1FAy9OYOkoUzC3ng//tNRf
Score

10^/10

ermac banker collection discovery evasion infostealer stealth trojan
- Ermac
  An Android banking trojan first seen in July 2021.
  banker trojan infostealer ermac
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Acquires the wake lock
- Queries the unique device ID (IMEI, MEID, IMSI)
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Suppress Application Icon

Input Injection

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

ermacbankercollectiondiscoveryevasioninfostealerstealthtrojan

behavioral2

ermacbankercollectiondiscoveryevasioninfostealerstealthtrojan

behavioral3

ermacbankercollectiondiscoveryevasioninfostealerstealthtrojan