ermac | f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b

Sharing

General

Target

f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin
Size

1.1MB
Sample

240625-1yc9ysydlq
MD5

896a7930df223553ab0987fc69347f08
SHA1

b883764c91d17f30c17c1b587311d868c00840e6
SHA256

f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b
SHA512

5c5fcedda68324d7ab9a4f7682894a5958e2c98c970e3ff2354359efff2ceae670cccc7456f40f14e56d4a8db84bc23ac6c013658c382eb952dd1752b729136e
SSDEEP

24576:JtwRisrnsWEE1xS8gwNzUn7x5WojLGzg/YFHaH:vsrAE108gwN8xgeGzg/FH

Score

10^/10

Malware Config

Extracted

Family

hook

AES_key

Targets

- Target
  
  f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin
- Size
  
  1.1MB
- MD5
  
  896a7930df223553ab0987fc69347f08
- SHA1
  
  b883764c91d17f30c17c1b587311d868c00840e6
- SHA256
  
  f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b
- SHA512
  
  5c5fcedda68324d7ab9a4f7682894a5958e2c98c970e3ff2354359efff2ceae670cccc7456f40f14e56d4a8db84bc23ac6c013658c382eb952dd1752b729136e
- SSDEEP
  
  24576:JtwRisrnsWEE1xS8gwNzUn7x5WojLGzg/YFHaH:vsrAE108gwN8xgeGzg/FH
Score

10^/10

hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan banker stealth
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker discovery
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Requests enabling of the accessibility settings.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hook

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Makes use of the framework's foreground persistence service

Performs UI accessibility actions on behalf of the user

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Requests enabling of the accessibility settings.

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3