ermac | 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a | Triage

Submit
Reports

Overview

overview

Static

static

2142671d09...0a.apk

android-9-x86

2142671d09...0a.apk

android-10-x64

2142671d09...0a.apk

android-11-x64

Sharing

General

Target

2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.bin
Size

1.1MB
Sample

240320-1w7e1sdc8s
MD5

0b98aa107b4610cc9c2b15e685e9c802
SHA1

cf612eedbe423d7c30a4bf09c3e798e08a512458
SHA256

2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a
SHA512

ea2c03fb5194b4ff2957ffbcdda475924f4f99f86a83b747ff63725cf0789ecbd19b06db858bc7d7b433fe3fbb992f197417bf3954add8f3e3ace31131b3f3c4
SSDEEP

24576:BT282S4HtuWZ0p46B8ZJ8SV2BrpM7k9eLxg/Si:Ba82S4NZOp46B8Z60VLxg/p

Score

10^/10

ermac hook android banker collection discovery evasion infostealer rat stealth trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk

Resource

android-x86-arm-20240221-en

hook banker collection discovery evasion infostealer rat stealth trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk

Resource

android-x64-20240221-en

hook collection discovery evasion infostealer rat stealth trojan

android-10-x64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk

Resource

android-x64-arm64-20240221-en

hook banker collection discovery evasion infostealer rat stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

hook

C2

http://170.64.183.64:3434

AES_key

Targets

- Target
  
  2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.bin
- Size
  
  1.1MB
- MD5
  
  0b98aa107b4610cc9c2b15e685e9c802
- SHA1
  
  cf612eedbe423d7c30a4bf09c3e798e08a512458
- SHA256
  
  2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a
- SHA512
  
  ea2c03fb5194b4ff2957ffbcdda475924f4f99f86a83b747ff63725cf0789ecbd19b06db858bc7d7b433fe3fbb992f197417bf3954add8f3e3ace31131b3f3c4
- SSDEEP
  
  24576:BT282S4HtuWZ0p46B8ZJ8SV2BrpM7k9eLxg/Si:Ba82S4NZOp46B8Z60VLxg/p
Score

10^/10

hook banker collection discovery evasion infostealer rat stealth trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Removes its main activity from the application launcher
  stealth trojan evasion
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hookbankercollectiondiscoveryevasioninfostealerratstealthtrojan

behavioral2

hookcollectiondiscoveryevasioninfostealerratstealthtrojan

behavioral3

hookbankercollectiondiscoveryevasioninfostealerratstealthtrojan

© 2018-2024

Terms | Privacy