ermac | 24138429cc3fd83cf3e344240b6239c7271a272a8352b613dc302430d8550706 | Triage

Sharing

General

Target

24138429cc3fd83cf3e344240b6239c7271a272a8352b613dc302430d8550706.bin
Size

1009KB
Sample

250409-13bxpatnw5
MD5

17a01801c020bb847bfe00385a0ec48b
SHA1

e6ec9c7c2ff624fa09062c539fa88d82fb5a7947
SHA256

24138429cc3fd83cf3e344240b6239c7271a272a8352b613dc302430d8550706
SHA512

a3300519e34bccbb3c399c28442625d53d83fe11a72ab317580c3f501522b8f549421d35fe422888cbc653d9a4d4d0d4e61fff1cf75b03554da4e0435fe460c0
SSDEEP

24576:XRx+HPcNxa1ZGJargUmB9zFf/zFffgZSH58g/5UB:XXGcNQGUSBhZ8g/S

Score

10^/10

ermac android defense_evasion discovery impact persistence

Malware Config

Targets

- Target
  
  24138429cc3fd83cf3e344240b6239c7271a272a8352b613dc302430d8550706.bin
- Size
  
  1009KB
- MD5
  
  17a01801c020bb847bfe00385a0ec48b
- SHA1
  
  e6ec9c7c2ff624fa09062c539fa88d82fb5a7947
- SHA256
  
  24138429cc3fd83cf3e344240b6239c7271a272a8352b613dc302430d8550706
- SHA512
  
  a3300519e34bccbb3c399c28442625d53d83fe11a72ab317580c3f501522b8f549421d35fe422888cbc653d9a4d4d0d4e61fff1cf75b03554da4e0435fe460c0
- SSDEEP
  
  24576:XRx+HPcNxa1ZGJargUmB9zFf/zFffgZSH58g/5UB:XXGcNQGUSBhZ8g/S
Score

6^/10

defense_evasion discovery impact persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Queries the mobile country code (MCC)
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v16

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

Tasks

static1

behavioral1

behavioral2

defense_evasiondiscoveryimpactpersistence

behavioral3

defense_evasiondiscoveryimpactpersistence