ermac | ef4e0e2593eaccc73632054c0244e858e1dc0bc1149cde36d74bf41fb03fddb4

Sharing

Copy URL

Twitter E-mail

General

Target

ermac v3 çalışan panel.zip
Size

156.9MB
Sample

240406-zqb69abe73
MD5

bc4734cbdeb2545eb1f1d4dc47d3f5e8
SHA1

731cbe0df75893f4dbca64e6d01e94a84bd051f7
SHA256

ef4e0e2593eaccc73632054c0244e858e1dc0bc1149cde36d74bf41fb03fddb4
SHA512

4cd775d35eabe12bd33e133bef681bc6013508b5d3545fe7f8e049e3c9715d0a09335286e50693dd35226462b72b226322d9fffa4b4c406cf7653bc9c5ae6f12
SSDEEP

3145728:dgr3gGFc1fR0v3nr37BjwCDQGpjKrHULKS8DhK9Inrl4QQS0PwlcdQ91LU5ukm0T:artFcwrBjwCDQ82r0GDdnZ4QQS+wlMQK

Score

10^/10

Malware Config

Targets

- Target
  
  www/backend/23.02.2023-update.sh
- Size
  
  340B
- MD5
  
  1d926c1aef4dd8d4f50d9df6bf955baa
- SHA1
  
  419d79f6fdf03adabc1f0284ccf8cc8ee164c1f7
- SHA256
  
  ed75942c4b85bfc875f2405f19e73701dfc0525fa197247a01db0d609209872a
- SHA512
  
  40444a5e8537a39eadb82c37e833a5ec5d1849b32ffb9ba8c836dffec707b177a7d24ee16a0b26e1f315a7a04e23fecca77cc381f33d927bc2300370a828f438
Score

3^/10
behavioral1 behavioral2
- Target
  
  www/backend/app/Http/Controllers/Api/v1/AutoCommandsController.php
- Size
  
  4KB
- MD5
  
  6974aaacfe101e961cd4af6a97a8b28d
- SHA1
  
  082195ba2508dfdf36741c1bb18278b1b13664c0
- SHA256
  
  c224ba4581e7afd1891a3e8806370b0ce0ba4751a9a00007cebc5b045965b7d7
- SHA512
  
  1f40a0a76b3bca23eca5523a057d475ffd47e3d7b25ba999d9d2bcf2fdb8c6faa6ae7f74abc375a277feb37ad72d8a2b969000eaaa3b9247d34adc7e4ac79cd2
- SSDEEP
  
  96:8toG3uh1sn6BR6f46Fa5ErvSNcY6xqQRnPkY+R9TbgMv6BR6H65rnI4nP1S:moG3uh1snGR1lk2G681S
Score

1^/10
behavioral3 behavioral4
- Target
  
  www/backend/app/Http/Controllers/Api/v1/Bot/BotInjectionController.php
- Size
  
  1KB
- MD5
  
  3d6c5da296bc8adbf0a1f2ecbf17c1a0
- SHA1
  
  7ec54b1ad1a83d2dc26a002a06b6a49032d6cdf8
- SHA256
  
  9e2843f250ae628c21372fb92a428f56527657ba6bacc36eeaaa691b06ddff9d
- SHA512
  
  cdec7f55bb1252394c906fcfcde41bb7de726e3fb4c969bc4bca59b72702569317ad6c7a30610a7f89eecbcc8fd4c5ef6b1e474f234674539d3d7ac6c5b14f7e
Score

1^/10
behavioral5 behavioral6
- Target
  
  www/backend/app/Http/Controllers/Api/v1/LogController.php
- Size
  
  12KB
- MD5
  
  8b166eb854d5d825ebb3a3f928845cae
- SHA1
  
  464abf8cec2ee5d3f8a32a2ef5c09736c4c76aea
- SHA256
  
  cdd5231e9f13ee1f9d84b088f3f5203c933b81447540792cb8390eecf5909d24
- SHA512
  
  4e04bf6cf52b45e6accb410a668bd8ddb78bbe193e2f5877aa9a5b8ac64b88d5e6574f11282f44365612fafabfc2ad63f7b4f95de2bf477678694746ad351b5c
- SSDEEP
  
  192:/rh/u61St6gHbZPUiqeuRFIyL0TyReSn5V1Rda1x9m:jh/u6ktfaVgyR/5VoI
Score

1^/10
behavioral7 behavioral8
- Target
  
  www/backend/app/Http/Controllers/Api/v1/UserController.php
- Size
  
  5KB
- MD5
  
  24a2051979faaa0632b190e5eff153a5
- SHA1
  
  011dd6f2326e1e341d7115c1715721dba483183f
- SHA256
  
  c51d66e65fa6d4e8ee06faa5f3c81fb035159f02c2cd34fe7dbc94a16e212d4b
- SHA512
  
  bf9b72e0feba5b46e1ee3d0b91edb88d496e04bbfbbb427e74f0cf58dea4114a5faab1bf8d60a4e7eef5bd988f2f5177a64157859ad81edbd066c201bc5f0803
- SSDEEP
  
  96:818QG3uHn17pH1BH+XJG66OIjCyS3R6fi1u+KiITSpjDb:s8QG3uHn17pH11+XJG66OIjCySB6fi1T
Score

1^/10
behavioral10 behavioral9
- Target
  
  www/backend/app/Http/Resources/Bot/BotResource.php
- Size
  
  6KB
- MD5
  
  e6984a76f64cfd199678ff25b20a01ab
- SHA1
  
  9ef2ba95a799eb4f4357fad8f7f67e3bca7159e8
- SHA256
  
  55821666f0993dd3b00de42882f5de022f64f00d080fb248b14b146c4a10f3d8
- SHA512
  
  f84065b1328c1ef09f5bc1751a8cf133035963f1950d199f68574f345a0f596e08ff76c96b411a0b69a508dc8d2fb24045e53f855f3fcb017049be008dec058c
- SSDEEP
  
  96:8/xkiryxUyYIbTCe0xllwV/mQYS0FrHM5HTcNcfaJgrqVC3CWvgxVp97j2wTS+Hp:cxVymyYIaeklWmQYSuMhWF6Q
Score

1^/10
behavioral11 behavioral12
- Target
  
  www/backend/app/Providers/RouteServiceProvider.php
- Size
  
  1KB
- MD5
  
  27832ca29322f3c9f4ff4ef909fe0a08
- SHA1
  
  fbc2178e579c3931f2150254d30ca06d1b5c74ec
- SHA256
  
  83a36b4829b2737d46b83c5bc39b6cc3e050ecbf292a6b47df4cc6b017d03efe
- SHA512
  
  71b1693721ee3953ba2e0c36fd47064b178efefa688655e1875f007e1482d9f436698a498471308474b82ba8c46b3512ab337b9a0134ff3b2de13df812f18e87
Score

1^/10
behavioral13 behavioral14
- Target
  
  www/backend/app/Services/InjectionsService.php
- Size
  
  2KB
- MD5
  
  dd7ffc43b02865c7d332dc15a44e3dab
- SHA1
  
  2493d41ae821b82aab4ef9bae85451795594cb51
- SHA256
  
  7e19830f10fc01f9997c83ca6cc8e2ed467346beb8f06e2dcda94edaca7f8044
- SHA512
  
  8615136822938944b34f6e03cef896c3cc594401b74b905f86eed3dd470ba55cc6668b01f86eb135be246461c96f3c393c5adcb34798f779192c524e7f6b35fa
Score

1^/10
behavioral15 behavioral16
- Target
  
  www/backend/app/Services/LogsService/LogsService.php
- Size
  
  21KB
- MD5
  
  2f9942d1d488091b653b3d94e80ddc37
- SHA1
  
  cd553142aff3ac2bfdc03439d3ee4131650b5e46
- SHA256
  
  2304de6f9006fb95432c484ce00c367b7d1fc360266c11002fe222ab405045b4
- SHA512
  
  4f61b8c46596c5004b1b13ca1793dc7c18ad5a1596c25c10261ff370e92ed8fbafee48a91fdbe58590599e8cf2522865931d6d55ca8ec7f52462589b511d41d1
- SSDEEP
  
  192:JgP7VPQHbYCz1qLYDQUijLKKrP/y7Pty6l+CdkZdk15ZSCLpwoAACuBU:J+msLYstyxypggmWCLpwzAC9
Score

1^/10
behavioral17 behavioral18
- Target
  
  www/backend/artisan
- Size
  
  1KB
- MD5
  
  9d88489831f90855deb8783a16c93408
- SHA1
  
  4e3b044dc634aeeb5133ded57e5e535fc52f2fbc
- SHA256
  
  f5645be808d32398cd215ef933c793d806ae56796190579dde4ca8888c584c1b
- SHA512
  
  5245655cd1b921e23224b03bfac1b555dba96400004a4fd8fef55a28a20338b943fda843770484be2f63e0a0eb1b501e658851c9b3cec3bb52cebb6fa0707a8a
Score

7^/10
- Deletes itself
- Executes dropped EXE
- Requests dangerous framework permissions
behavioral19 behavioral20 behavioral21 behavioral22
- Target
  
  www/backend/database/seeders/RolesSeeder.php
- Size
  
  5KB
- MD5
  
  596267107bd8246179ea87cbc6b1f00b
- SHA1
  
  e6f4eb3096a7e620e32be20d7e0f5bb994c6381e
- SHA256
  
  7caaf572914f0d755ec28c8b0e6034e62a4ce6fe211a972d1b9a1339cab75d09
- SHA512
  
  e29b26c9313d61bde2e41092d253c31707e8d3acc492e151e25c4ef12aae5b6844b1d96e4eb179a70c97d953fb0323d4538ab28e3d7c44f4743f74fe495b03a4
- SSDEEP
  
  48:UTGmV/wsiefUT8UG/0HFTQ/hUAN/9UAN/73wDt8ryL:KVBUT8YFTLAsAh3wDt8ryL
Score

1^/10
behavioral23 behavioral24
- Target
  
  www/backend/public/injects/html/banks/ae.ahb.digital.html
- Size
  
  92KB
- MD5
  
  a21403b47f2c49f472a261098338963e
- SHA1
  
  b210c8b1a4929d20b46e6b1df69a64401f47c027
- SHA256
  
  f5bd0ee759cdcbf723c35be37558d656390b63ed505a1c1058156dff83f18dfb
- SHA512
  
  29baf9fcd94eac183e38870df80bdf984a9b77e35c82dd6cddb3ed076eaaed52e2c44528c9e7fce93fe6217b29620783c73d865261f9fe6c296bb8200264a9ba
- SSDEEP
  
  1536:eD/iZdq0x2Y93D4Kys5f40x2Y93D4Kys5fG0x2Y93D4Kys5fo:RRRhR3Ry
Score

1^/10
behavioral25 behavioral26
- Target
  
  www/backend/public/injects/html/banks/ae.almasraf.mobileapp.html
- Size
  
  2.2MB
- MD5
  
  4a56819f139acc3b8551bbc0304c5dcd
- SHA1
  
  3a97e9c2533bce581b34a8c2dfd94464eaa9d726
- SHA256
  
  0d55403d465680ec632563385465d22ecf3a651f4b97ae6b180b4558b7a1b521
- SHA512
  
  5bed514dc2ca5fefec891a25b035dc42e67dd9c118af04c9858528a20381de1ecc61681ea8295b5c6c8f3ad1c1a36ac3d0ed1c66168a826b68fcbdb41251180f
- SSDEEP
  
  24576:5Gr21i4hngoST1xRHMupV4Oe50SeLKq/ajZkrcowPOGr21i4hngoST1xRHMupV44:5viZhTOTmkmviZhTOTmB
Score

1^/10
behavioral27 behavioral28
- Target
  
  www/backend/public/injects/html/banks/ae.hsbc.hsbcuae.html
- Size
  
  21KB
- MD5
  
  4869bf70f8f51d06a480f3417ca87e55
- SHA1
  
  0f80d467aa0d1cfdc7f95f07800ad7629aea797d
- SHA256
  
  c58a87e65b35f78958bcba68828482507acfb3272e5086eb0025e71d3de69517
- SHA512
  
  eb3e26bcbb3ab623dda45bb3077cb9939850f393020965a3908939815c6ab62f8c11e942b04507e4bc6f093e38c9a000ab1faa5c58a40e56b499e3ef2b4ffdd2
- SSDEEP
  
  384:08xi1BLDHQDRSnVLDHLDlKlBBu2LDHQDRSnVLDHQDRSnmmR1MtquXtfqOY:08xCQDRKLDlKlBA2QDRSQDRHmRz
Score

1^/10
behavioral29 behavioral30
- Target
  
  www/backend/public/injects/html/banks/air.app.scb.breeze.android.main.my.prod.html
- Size
  
  43KB
- MD5
  
  9819046a9f984e16124741ed8c7dbb57
- SHA1
  
  e6f9b439ed9fc21ce4e6d23f5cddc9e5917fca5f
- SHA256
  
  3b3f1adcabd446f5161b913a70ddb311e3b02bf4db74a14b7cccc947a16123ce
- SHA512
  
  f5673ce7380bdd00ef07ee2000817adc44b9fca748a87f0f9415504ec73ae721da2c8ba9513724bd90843e9451950824b03243e188870463f5a69e93f20ed239
- SSDEEP
  
  768:u8g7MahDbOOD+WCn21UNqx7GACn21UNqx7G2:aAa5bPQ2eNq82eNqF
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Targets

Deletes itself

Executes dropped EXE

Requests dangerous framework permissions

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32