General

  • Target

    a2fb9d371732350875a5ff52993254b553520651d2804af6d3b197b598b19d5f.bin

  • Size

    1.1MB

  • Sample

    241022-13fkwawhjb

  • MD5

    b54a43794b6e4fa5c8c0c8c5194d208e

  • SHA1

    d0e662bc1379fe6a00c635d3961b801458816518

  • SHA256

    a2fb9d371732350875a5ff52993254b553520651d2804af6d3b197b598b19d5f

  • SHA512

    1b657343e64ace47e0d669924f3477f92055d75657c425a898cd3879295bd596f746d671f86ac09819084254f4d6ce12b42de908cd0847c76fbc1a436bb09323

  • SSDEEP

    24576:DLg/2N5ug1t1SlUMREmr5MHJVE041uh2kcNXzu0HO62o:/g/nAt1wZqmGpV21hk2u0HO67

Malware Config

Extracted

Family

ermac

C2

http://2.58.56.39:3434

AES_key
AES_key

Targets

    • Target

      a2fb9d371732350875a5ff52993254b553520651d2804af6d3b197b598b19d5f.bin

    • Size

      1.1MB

    • MD5

      b54a43794b6e4fa5c8c0c8c5194d208e

    • SHA1

      d0e662bc1379fe6a00c635d3961b801458816518

    • SHA256

      a2fb9d371732350875a5ff52993254b553520651d2804af6d3b197b598b19d5f

    • SHA512

      1b657343e64ace47e0d669924f3477f92055d75657c425a898cd3879295bd596f746d671f86ac09819084254f4d6ce12b42de908cd0847c76fbc1a436bb09323

    • SSDEEP

      24576:DLg/2N5ug1t1SlUMREmr5MHJVE041uh2kcNXzu0HO62o:/g/nAt1wZqmGpV21hk2u0HO67

    • Ermac

      An Android banking trojan first seen in July 2021.

    • Removes its main activity from the application launcher

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

    • Queries the mobile country code (MCC)

    • Queries the unique device ID (IMEI, MEID, IMSI)

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Mobile v15

Tasks