Overview

overview

10

Static

static

10

39d8f34b85...9b.apk

android-9-x86

10

39d8f34b85...9b.apk

android-10-x64

10

39d8f34b85...9b.apk

android-11-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    39d8f34b85ee1bb3a164ae8181af0130579480317e2e449186043caf125a7b9b.bin

  • Size

    1.1MB

  • Sample

    250414-1xx8qsyvdv

  • MD5

    1b28003eff4d3015d0302537bcd2e828

  • SHA1

    9cad8fe7bdfe2614a8d16dd6a480f943d050aad3

  • SHA256

    39d8f34b85ee1bb3a164ae8181af0130579480317e2e449186043caf125a7b9b

  • SHA512

    43f42f1a99bd1896aec8dbadbc207aad4e4d6e616385d7cde154b836e80fc78ba7bb4d47c6ce6424e14aee289ecbdad7cb8702426068c874012789f69e03f2c8

  • SSDEEP

    24576:avwyq/ik8ZQIXmyQ9daAuVTME0ugd8m6XdrU/o3yi2g/BchN:avwR786Igi7NXe//i2g/cN

Score
10/10
ermachookandroidcollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencerattrojan

Malware Config

Targets

    • Target

      39d8f34b85ee1bb3a164ae8181af0130579480317e2e449186043caf125a7b9b.bin

    • Size

      1.1MB

    • MD5

      1b28003eff4d3015d0302537bcd2e828

    • SHA1

      9cad8fe7bdfe2614a8d16dd6a480f943d050aad3

    • SHA256

      39d8f34b85ee1bb3a164ae8181af0130579480317e2e449186043caf125a7b9b

    • SHA512

      43f42f1a99bd1896aec8dbadbc207aad4e4d6e616385d7cde154b836e80fc78ba7bb4d47c6ce6424e14aee289ecbdad7cb8702426068c874012789f69e03f2c8

    • SSDEEP

      24576:avwyq/ik8ZQIXmyQ9daAuVTME0ugd8m6XdrU/o3yi2g/BchN:avwR786Igi7NXe//i2g/cN

    Score
    10/10
    hookcollectioncredential_accessdefense_evasiondiscoveryevasionexecutioninfostealerpersistencerattrojan

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

      rattrojaninfostealerhook

    • Hook family

      hook

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

      collectiondefense_evasioncredential_access

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

      discovery

    • Queries the phone number (MSISDN for GSM devices)

      discovery

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      defense_evasionpersistence

    • Performs UI accessibility actions on behalf of the user

      Application may abuse the accessibility service to prevent their removal.

      evasion

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

      discovery

    • Queries the mobile country code (MCC)

      discovery

    • Reads information about phone network operator.

      discovery

    • Requests enabling of the accessibility settings.

    behavioral1behavioral2behavioral3

MITRE ATT&CK Mobile v16

Tasks