ermac | 645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52 | Triage

Sharing

General

Target

645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52
Size

2.8MB
Sample

240325-pwav9sag5s
MD5

375b10c55c8cb7b29524fe417d243396
SHA1

52be64e2b7813ad5be64698fc15f9a58de89b904
SHA256

645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52
SHA512

b9257eb55c6265f6f97cfe118f677e57cff66a2ccbe39a14442218ed3a5d489e5c21a89e4e4df4805f515a204e9f3fb0ad580b1e05f063aad1969ed47040b1ff
SSDEEP

49152:ver8veugaZqoQdIU7MIVZz9AAFGpVc1KjrTCnsby0tCWelLpG/Xx3g/g8:ver8veu9qoQdIU4yqKKn9Vt2AXz8

Score

10^/10

ermac hook android banker collection discovery evasion infostealer persistence rat trojan

Malware Config

Extracted

Family

hook

C2

http://109.107.182.168:3434

AES_key

Targets

- Target
  
  645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52
- Size
  
  2.8MB
- MD5
  
  375b10c55c8cb7b29524fe417d243396
- SHA1
  
  52be64e2b7813ad5be64698fc15f9a58de89b904
- SHA256
  
  645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52
- SHA512
  
  b9257eb55c6265f6f97cfe118f677e57cff66a2ccbe39a14442218ed3a5d489e5c21a89e4e4df4805f515a204e9f3fb0ad580b1e05f063aad1969ed47040b1ff
- SSDEEP
  
  49152:ver8veugaZqoQdIU7MIVZz9AAFGpVc1KjrTCnsby0tCWelLpG/Xx3g/g8:ver8veu9qoQdIU4yqKKn9Vt2AXz8
Score

10^/10

hook banker collection discovery evasion infostealer persistence rat trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Input Injection

Credential Access

Discovery

Software Discovery

Security Software Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Screen Capture

Command and Control

Exfiltration

Impact

Input Injection

Tasks

static1

behavioral1

hookbankercollectiondiscoveryevasioninfostealerpersistencerattrojan

behavioral2

hookbankercollectiondiscoveryevasioninfostealerpersistencerattrojan

behavioral3

hookbankercollectiondiscoveryevasioninfostealerpersistencerattrojan