General
-
Target
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643.bin
-
Size
2.3MB
-
Sample
241117-1zejeaynhz
-
MD5
3bf1c6d473bcc6016df78ad9ca8bae92
-
SHA1
e5630ebda113ed338aa0fd55de6336bfebec9dd6
-
SHA256
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643
-
SHA512
98a32a3c10be489859b782568729f4bd8b06f6e51a5484b49babf3215025eaae3386bc3a40e6a7837766aee160c922106755357b612a2874413b96ec937e9ea3
-
SSDEEP
49152:gDtzOHJi+hil20NEGpYXeysPGRoAX3og/cMQXJXuY5Ui:gBzK3il20H9IzQ5+i
Behavioral task
behavioral1
Sample
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643.apk
Resource
android-x64-20240624-en
Malware Config
Extracted
ermac
http://154.216.20.166:3434
Targets
-
-
Target
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643.bin
-
Size
2.3MB
-
MD5
3bf1c6d473bcc6016df78ad9ca8bae92
-
SHA1
e5630ebda113ed338aa0fd55de6336bfebec9dd6
-
SHA256
e108ea1e0994bc4c630e06154bcff1c699ff316c54a91e22ff2fa57db04fe643
-
SHA512
98a32a3c10be489859b782568729f4bd8b06f6e51a5484b49babf3215025eaae3386bc3a40e6a7837766aee160c922106755357b612a2874413b96ec937e9ea3
-
SSDEEP
49152:gDtzOHJi+hil20NEGpYXeysPGRoAX3og/cMQXJXuY5Ui:gBzK3il20H9IzQ5+i
-
Ermac family
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries the mobile country code (MCC)
-
Queries the unique device ID (IMEI, MEID, IMSI)
-
Reads information about phone network operator.
-