ermac | 697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0

General

Target

e07fd729182650c77f29293c6e4522c5
Size

1.1MB
Sample

240501-x8p5qaee9t
MD5

e07fd729182650c77f29293c6e4522c5
SHA1

9e0c183e6ef61953cea9d29bf4fc6ea2cbd8a164
SHA256

697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0
SHA512

8673e7b983773e58f83d4a75b7a7cc7dbb6d0bfcc16d47848800cd491fb224880e1867fe198ac35f3dec496f2154a5792539bfa2e27cb557336331379e86dca7
SSDEEP

24576:sbKs3t7YSbMlettFATgZYfw20V/ojyx5g/Qn2q:zW5YSRFATgyfw2E/Xx5g/7q

Score

10^/10

Malware Config

Extracted

Family

hook

C2

http://54.36.113.159:3434

Targets

- Target
  
  e07fd729182650c77f29293c6e4522c5
- Size
  
  1.1MB
- MD5
  
  e07fd729182650c77f29293c6e4522c5
- SHA1
  
  9e0c183e6ef61953cea9d29bf4fc6ea2cbd8a164
- SHA256
  
  697a13b1358a09008afcf17117a04cb253a11a30cd24944be1c60a4696dc27f0
- SHA512
  
  8673e7b983773e58f83d4a75b7a7cc7dbb6d0bfcc16d47848800cd491fb224880e1867fe198ac35f3dec496f2154a5792539bfa2e27cb557336331379e86dca7
- SSDEEP
  
  24576:sbKs3t7YSbMlettFATgZYfw20V/ojyx5g/Qn2q:zW5YSRFATgyfw2E/Xx5g/7q
Score

10^/10

hook collection credential_access discovery evasion infostealer persistence rat trojan stealth
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Registers a broadcast receiver at runtime (usually for listening for system events)
  persistence
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Reads information about phone network operator.
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hook

Makes use of the framework's Accessibility service

Removes its main activity from the application launcher

Makes use of the framework's foreground persistence service

Queries information about running processes on the device

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Queries the phone number (MSISDN for GSM devices)

Registers a broadcast receiver at runtime (usually for listening for system events)

Requests enabling of the accessibility settings.

Acquires the wake lock

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3