ermac | c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6 | Triage

Submit
Reports

Overview

overview

Static

static

c3091c7043...e6.apk

android-9-x86

c3091c7043...e6.apk

android-10-x64

c3091c7043...e6.apk

android-11-x64

Sharing

General

Target

c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.bin
Size

3.5MB
Sample

240401-1x6vwagh96
MD5

447868eb6480e83644df360ac8cb42ce
SHA1

500c2b6e50511afcfe385a68bc279d2549894abf
SHA256

c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6
SHA512

f439c758ef63151d5b012479268dca13c63229dd6e2a064ad46da227aeb4621f0021e3135c02aec4c8ecb1580a955da2d47bb1cc614aa7ca0466027ed8d3a518
SSDEEP

98304:1B5GqqzNIClptDm9P6boJtD15qZ3O+BsaojFuf:HMLH3tqP6boJtjjqyI

Score

10^/10

ermac hook android collection discovery evasion infostealer persistence rat stealth trojan

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.apk

Resource

android-x86-arm-20240221-en

hook collection discovery evasion infostealer persistence rat stealth trojan

android-9-x86

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.apk

Resource

android-x64-20240221-en

hook collection discovery evasion infostealer persistence rat stealth trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.apk

Resource

android-x64-arm64-20240221-en

hook collection evasion infostealer persistence rat stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

hook

C2

http://137.184.228.202:3434

AES_key

Targets

- Target
  
  c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.bin
- Size
  
  3.5MB
- MD5
  
  447868eb6480e83644df360ac8cb42ce
- SHA1
  
  500c2b6e50511afcfe385a68bc279d2549894abf
- SHA256
  
  c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6
- SHA512
  
  f439c758ef63151d5b012479268dca13c63229dd6e2a064ad46da227aeb4621f0021e3135c02aec4c8ecb1580a955da2d47bb1cc614aa7ca0466027ed8d3a518
- SSDEEP
  
  98304:1B5GqqzNIClptDm9P6boJtD15qZ3O+BsaojFuf:HMLH3tqP6boJtjjqyI
Score

10^/10

hook collection discovery evasion infostealer persistence rat stealth trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hookcollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

behavioral2

hookcollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

behavioral3

hookcollectionevasioninfostealerpersistenceratstealthtrojan

© 2018-2024

Terms | Privacy