Overview

overview

10

Static

static

10

Trojan;And...TB.apk

android-9-x86

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Trojan;AndroidOSErmak.A!MTB.apk

  • Size

    1.1MB

  • Sample

    240816-1cxrgasaln

  • MD5

    3408736ab7a0690fb2a8e7d633914bd1

  • SHA1

    905eb749444f2e7337d1622d5649548dc9852753

  • SHA256

    7682a4ba33589368f805dff5965978bcc627ae97e09976a331080777e8954f44

  • SHA512

    5fa0a557877c2e603b96249a0072c1da3fe28cb56cfc9dee0ac18a0f65aa376ce8d801e75b533512aeb885bcadc1d9d47a32a07eafaa1aea1e0af9496b2a995d

  • SSDEEP

    24576:1W2o1/kIziFZJUEQ/a18wyhyT/ojyq7g/e6By:KRkoiF8EOa18wym/Xq7g/Dy

Score
10/10
ermachookandroidcollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      Trojan;AndroidOSErmak.A!MTB.apk

    • Size

      1.1MB

    • MD5

      3408736ab7a0690fb2a8e7d633914bd1

    • SHA1

      905eb749444f2e7337d1622d5649548dc9852753

    • SHA256

      7682a4ba33589368f805dff5965978bcc627ae97e09976a331080777e8954f44

    • SHA512

      5fa0a557877c2e603b96249a0072c1da3fe28cb56cfc9dee0ac18a0f65aa376ce8d801e75b533512aeb885bcadc1d9d47a32a07eafaa1aea1e0af9496b2a995d

    • SSDEEP

      24576:1W2o1/kIziFZJUEQ/a18wyhyT/ojyq7g/e6By:KRkoiF8EOa18wym/Xq7g/Dy

    Score
    10/10
    hookcollectioncredential_accessdiscoveryevasionexecutioninfostealerpersistencerattrojan

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectionevasioncredential_access

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral1

MITRE ATT&CK Mobile v15

Tasks