Extracted

Extracted

• • Target

    95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48

  • Size

    18.0MB

  • MD5

    cee85954a7ef079b0c154f6b5bf96e84

  • SHA1

    b2074aeab78e029b63d5aeb5436f31a26c2ac1f8

  • SHA256

    95a9a3138aa478f0686bc36adf381a2bac3a6f31293061aabac856f43d057c48

  • SHA512

    484c2c6a34c9cc0879cced18926bfd00820aff5d28d025ee9eefe23c972e18c93766f22b07137f80c749a3180ff5666cd18427439a2323d018e6fd3eebb0d605

  • SSDEEP

    393216:ugjuCiPE8U46gtpMAuGw8JaJCMzDIwDBbVAH6J+Kh:XuCl746mptuGwAQDDDAKh

  Score

  10^/10

  ermachookbankercollectioncredential_accessdefense_evasiondiscoveryevasionexecutionimpactinfostealerpersistencerattrojanstealth

  • Ermac

    An Android banking trojan first seen in July 2021.

    bankertrojaninfostealerermac

  • Ermac family

    ermac

  • Ermac2 payload

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Hook family

    hook

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectiondefense_evasioncredential_access

  • Queries information about running processes on the device

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Reads the contacts stored on the device.

    collection

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    defense_evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    defense_evasion

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2