Ermak 2.9 Android Botnet Cracked


vZip by Prapattimynk



ERMAC is a code-level descendant of the well-known Cerberus malware. It uses almost identical data structures when communicating with the C2, the same string data, and so on.

When we first encountered ERMAC samples, we thought it to be just another variant of Cerberus since the code was leaked several times and a lot of actors try to build their own malware based on its sources. However, the admin panel login page clearly states

Compared to the original Cerberus, ERMAC uses a different encryption scheme in communication with the C2: the data is encrypted with AES-128-CBC and prepended with a double word containing the length of the encoded data.

Commands list

The commands ERMAC receives and processes are almost identical to the latest Cerberus commands. A couple of commands have been added that can clear the cache of the specified application and steal device accounts (new commands in bold).

| Command | Description |
| --- | --- |
| push | Shows a push notification (clicking on the notification will result in launching specified app) |
| startAuthenticator2 | Launches the Google Authenticator application |
| startAdmin | Triggers request for admin privileges |
| startApp | Starts the specified application |
| getInstallApps | Gets the list of applications installed on the device |
| getContacts | Gets the contact names and phone numbers from the address book of the infected device |
| deleteApplication | Triggers the removal of the specified application |
| forwardCall | Enables call forwarding to the specified number |
| sendSms | Sends a text message with specified text from the infected device to the specified phone number |
| SendSMSALL | Sends text messages with specified text from the infected device to all contacts of the infected device |
| startInject | Triggers the overlay attack against the specified application |
| startUssd | Executes the specified USSD code |
| openUrl | Opens the specified URL in the WebView |
| getSMS | Gets all text messages from the infected device |
| killMe | Triggers the kill switch for the bot |
| updateModule | Updates the payload module |
| updateInjectAndListApps | Triggers update of the target list |
| **clearCash/clearCashe** | Triggers opening specified application details |
| **getAccounts/logAccounts** | Triggers stealing a list of the accounts on the device |
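Because the command vocabulary above is shared with Cerberus and extended by a few ERMAC-specific names, it can serve as a triage signal when reviewing strings extracted from a suspicious APK. The following is an added example, not code from the original analysis; it assumes the strings come from an unpacked payload in which command names appear in plaintext, and the function name `triage`, the threshold `MIN_SHARED` and the sample dumps are hypothetical.

```python
import re

# Command names copied from the table on this page.
SHARED = frozenset("""push startAuthenticator2 startAdmin startApp getInstallApps
getContacts deleteApplication forwardCall sendSms SendSMSALL startInject startUssd
openUrl getSMS killMe updateModule updateInjectAndListApps""".split())
ERMAC_ADDED = frozenset("clearCash clearCashe getAccounts logAccounts".split())

# Assumed threshold (not from the page): names such as "push" or "getAccounts"
# also occur in benign apps, so a verdict needs many commands seen together.
MIN_SHARED = 8


def triage(strings_dump: str) -> dict:
    """Classify a strings dump by the command vocabulary it contains."""
    # Whole-identifier, case-sensitive tokens: "pushToken" does not count as "push".
    tokens = set(re.findall(r"[A-Za-z_][A-Za-z0-9_]*", strings_dump))
    shared = sorted(tokens & SHARED)
    added = sorted(tokens & ERMAC_ADDED)
    if len(shared) < MIN_SHARED:
        verdict = "no-match"
    elif added:
        verdict = "cerberus-family+ermac-additions"
    else:
        verdict = "cerberus-family"
    return {"verdict": verdict, "shared": shared, "ermac_added": added}


# Constructed sample dumps (not taken from real samples).
BENIGN = "onCreate push openUrl getAccounts pushToken startActivity getContacts"
CERBERUS_LIKE = ("startInject startUssd killMe updateModule forwardCall "
                 "SendSMSALL getSMS startAuthenticator2 updateInjectAndListApps")
ERMAC_LIKE = CERBERUS_LIKE + " clearCashe logAccounts"

if __name__ == "__main__":
    for name, dump in [("benign", BENIGN), ("cerberus-like", CERBERUS_LIKE),
                       ("ermac-like", ERMAC_LIKE)]:
        print(name, triage(dump)["verdict"])
```

A match is a lead for further analysis rather than an attribution, since samples that encrypt or obfuscate their strings will not match at all.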

