ermac | f556fde64e284290d98ed7eb41a3df59bb49678f064e6fc37ab8a939e54a33a7

Sharing

General

Target

f556fde64e284290d98ed7eb41a3df59bb49678f064e6fc37ab8a939e54a33a7.bin
Size

1.1MB
Sample

240630-14hfvsxclh
MD5

935727fed9c86606fe63b05636b8f248
SHA1

620e899a3897cd082fb663b415b20d1c2b276916
SHA256

f556fde64e284290d98ed7eb41a3df59bb49678f064e6fc37ab8a939e54a33a7
SHA512

36cd509ff85979f29273e98882c31646e63a208058c73d259dc17bc1721a966e7616398d1f7ca1ecd1adaec744c45ac1829c6ad94543e3e413797d3815940590
SSDEEP

24576:+b5xoLthBy6XdJk59oPGIFV9qruoVpOf5ojyFFg//rPG:QqrK9YGIFV8rg5XFFg/zG

Score

10^/10

Malware Config

Extracted

Family

hook

http://91.151.89.25:3434

AES_key

Targets

- Target
  
  f556fde64e284290d98ed7eb41a3df59bb49678f064e6fc37ab8a939e54a33a7.bin
- Size
  
  1.1MB
- MD5
  
  935727fed9c86606fe63b05636b8f248
- SHA1
  
  620e899a3897cd082fb663b415b20d1c2b276916
- SHA256
  
  f556fde64e284290d98ed7eb41a3df59bb49678f064e6fc37ab8a939e54a33a7
- SHA512
  
  36cd509ff85979f29273e98882c31646e63a208058c73d259dc17bc1721a966e7616398d1f7ca1ecd1adaec744c45ac1829c6ad94543e3e413797d3815940590
- SSDEEP
  
  24576:+b5xoLthBy6XdJk59oPGIFV9qruoVpOf5ojyFFg//rPG:QqrK9YGIFV8rg5XFFg/zG
Score

10^/10

hook collection credential_access discovery evasion execution impact infostealer persistence rat stealth trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Removes its main activity from the application launcher
  stealth trojan evasion
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
  collection evasion credential_access
- Obtains sensitive information copied to the device clipboard
  Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
  collection credential_access impact
- Queries information about running processes on the device
  Application may abuse the framework's APIs to collect information about running processes on the device.
  discovery
- Queries the phone number (MSISDN for GSM devices)
  discovery
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Performs UI accessibility actions on behalf of the user
  Application may abuse the accessibility service to prevent their removal.
  evasion
- Queries information about the current Wi-Fi connection
  Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
  discovery
- Queries the mobile country code (MCC)
  discovery
- Reads information about phone network operator.
  discovery
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Hook

Removes its main activity from the application launcher

Makes use of the framework's Accessibility service

Obtains sensitive information copied to the device clipboard

Queries information about running processes on the device

Queries the phone number (MSISDN for GSM devices)

Acquires the wake lock

Makes use of the framework's foreground persistence service

Performs UI accessibility actions on behalf of the user

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3