General
-
Target
4b807adf64b0928dde464851b11ba1d8fe9b09ed6590f0d407a743e4bef2a704.bin
-
Size
1.4MB
-
Sample
240322-1ywfjahe53
-
MD5
4eeefae90ae2b2e32da24cbcf1eef056
-
SHA1
5c25136ac3e5cb2f94cb65beda2d0906a10b1264
-
SHA256
4b807adf64b0928dde464851b11ba1d8fe9b09ed6590f0d407a743e4bef2a704
-
SHA512
843282ae5af99ae750113f10062d6767b7e6a3b7cd7a3d8424e633855dceb15023c6fc1a6bc88e8c32bea5c36e00a5276c550055d73d72b962eaf80901d37b99
-
SSDEEP
24576:eM0Bb9zsil6DUOecV8Ads2TnfvI+jp3VWm4SpOKTRHZN/rBNF3:z0BZzs2JMyAW2D3I+ZVUK1HbjBn3
Malware Config
Extracted
ermac
Extracted
hook
Targets
-
-
Target
4b807adf64b0928dde464851b11ba1d8fe9b09ed6590f0d407a743e4bef2a704.bin
-
Size
1.4MB
-
MD5
4eeefae90ae2b2e32da24cbcf1eef056
-
SHA1
5c25136ac3e5cb2f94cb65beda2d0906a10b1264
-
SHA256
4b807adf64b0928dde464851b11ba1d8fe9b09ed6590f0d407a743e4bef2a704
-
SHA512
843282ae5af99ae750113f10062d6767b7e6a3b7cd7a3d8424e633855dceb15023c6fc1a6bc88e8c32bea5c36e00a5276c550055d73d72b962eaf80901d37b99
-
SSDEEP
24576:eM0Bb9zsil6DUOecV8Ads2TnfvI+jp3VWm4SpOKTRHZN/rBNF3:z0BZzs2JMyAW2D3I+ZVUK1HbjBn3
Score10/10-
Ermac
An Android banking trojan first seen in July 2021.
-
Ermac2 payload
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Reads information about phone network operator.
-