ermac | 41e93e1808476b90c5154aa10f2970c543266a7b5fcc51dca0911eb1e258305b

Sharing

General

Target

41e93e1808476b90c5154aa10f2970c543266a7b5fcc51dca0911eb1e258305b.bin
Size

2.7MB
Sample

240619-11vxsatfmd
MD5

fd0fbc08a4a72b891ca3c253f35b7c7e
SHA1

498d37aa2ddb63a15edd2513205de90cd982a0a5
SHA256

41e93e1808476b90c5154aa10f2970c543266a7b5fcc51dca0911eb1e258305b
SHA512

c85e0c509fea6d448450a0383526f871bcc07aef5f8df1bfaadbbfd19b3a07c80104f7494eb18afe971ffef4c960dbfedf54a85775661f98cc1b90c8ed98cffd
SSDEEP

49152:8U5zdvHlkcOy7dOlyhwOFQY/2Totm7VQe6Sq820aaWEiD+rNSu7k:x7FfOy76yhwAQe2Et06SP20cERr17k

Score

10^/10

Malware Config

Extracted

Family

hook

http://94.156.8.171:80

AES_key

Targets

- Target
  
  41e93e1808476b90c5154aa10f2970c543266a7b5fcc51dca0911eb1e258305b.bin
- Size
  
  2.7MB
- MD5
  
  fd0fbc08a4a72b891ca3c253f35b7c7e
- SHA1
  
  498d37aa2ddb63a15edd2513205de90cd982a0a5
- SHA256
  
  41e93e1808476b90c5154aa10f2970c543266a7b5fcc51dca0911eb1e258305b
- SHA512
  
  c85e0c509fea6d448450a0383526f871bcc07aef5f8df1bfaadbbfd19b3a07c80104f7494eb18afe971ffef4c960dbfedf54a85775661f98cc1b90c8ed98cffd
- SSDEEP
  
  49152:8U5zdvHlkcOy7dOlyhwOFQY/2Totm7VQe6Sq820aaWEiD+rNSu7k:x7FfOy76yhwAQe2Et06SP20cERr17k
Score

1^/10
behavioral1 behavioral2 behavioral3
- Target
  
  childapp.apk
- Size
  
  1.1MB
- MD5
  
  35189e34c0a64ed8ad485ebabc610ccc
- SHA1
  
  ae0c1664b66a1054845177db480cdc79341eac23
- SHA256
  
  b2bfee6c6e03d3fd453f584ef0fb8614efae7e9beee92de9bc436926666f5846
- SHA512
  
  543b22eb59a95d61a7efe5fbb2c84a91318efe97054eb95595e97a4a875bdaef25f94732ddf326af93a2b4d957a68d6dc348bfef0131f8338f272dbac2c192c0
- SSDEEP
  
  24576:us1Xxj3XEEtfQMhW484DUuu2MAud1AMjySog/gnT:vXxRfQWW484o72MAnSog/0
Score

10^/10

hook banker collection credential_access discovery evasion execution impact infostealer persistence rat trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hook

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Makes use of the framework's foreground persistence service

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6