General
-
Target
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk
-
Size
3.7MB
-
Sample
240830-cl9wdsteqp
-
MD5
a88a497b3ae6bb84209cac0906df61a7
-
SHA1
fd80903a98e187bc841a0aabe04528cc1654b8ee
-
SHA256
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617
-
SHA512
684e5ea64375791c2195dd1459d868e6ed2d40ab376b5477e0964c43a4eccc57aab66ce08a55eddb51d1edc6503cf12c9c7ab7f27eb815105ec4ec31ecff5d7a
-
SSDEEP
49152:4GXx4KE5XqsZKV0dw8zbn3A9/HKu84zXYenCh4ebzds31j/D0NcxZBD5I:cz5XqsZDnwxnXYenUP/dsOyxrD+
Static task
static1
Behavioral task
behavioral1
Sample
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
ermac
http://185.215.113.42:3000
Extracted
cerberus
http://185.215.113.42:3000
Targets
-
-
Target
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617.apk
-
Size
3.7MB
-
MD5
a88a497b3ae6bb84209cac0906df61a7
-
SHA1
fd80903a98e187bc841a0aabe04528cc1654b8ee
-
SHA256
495a0621b2afc6adefbf17dc6c3cf5e92ba8227ac6939a20439b1b9dde878617
-
SHA512
684e5ea64375791c2195dd1459d868e6ed2d40ab376b5477e0964c43a4eccc57aab66ce08a55eddb51d1edc6503cf12c9c7ab7f27eb815105ec4ec31ecff5d7a
-
SSDEEP
49152:4GXx4KE5XqsZKV0dw8zbn3A9/HKu84zXYenCh4ebzds31j/D0NcxZBD5I:cz5XqsZDnwxnXYenUP/dsOyxrD+
-
Ermac payload
-
Checks Android system properties for emulator presence.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Defense Evasion
Download New Code at Runtime
1Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
3System Checks
3Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1