hook | 5ee21b2ad8525277035379d8c96e9aade1b6cc2f41e4877380033c00e8710686 | Triage

Submit
Reports

Overview

overview

Static

static

7

Test-Golde..._1.apk

android-9-x86

Test-Golde..._1.apk

android-10-x64

Test-Golde..._1.apk

android-11-x64

Sharing

General

Target

Test-GoldenCrypt_1.apk
Size

3.7MB
Sample

230204-2xh99aac7w
MD5

ad1c9280e2720887e64602d87a1cf122
SHA1

672014038e4aea7eeeafbc289b7538e887ab96fe
SHA256

5ee21b2ad8525277035379d8c96e9aade1b6cc2f41e4877380033c00e8710686
SHA512

dbf91c21f717e04eabea4eda52329691354cedd049a90839f443e2ad5b69d0b0db92106cd0ae14bec4c268daed5766993a50d6b965eee66ef11f3ea0e6929395
SSDEEP

49152:zX6Zo1QPKzvMSjjajd3q/mZ0SWrqf/5uVuM7aaDUm3QBe7kkT/ZjmPsT+9HLisxC:zXkkGstkU/CpsVuM+at3Qo7PThj+EV

Score

10^/10

hook android banker evasion infostealer ransomware rat stealth trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Test-GoldenCrypt_1.apk

Resource

android-x86-arm-20220823-en

hook banker infostealer ransomware rat trojan

android-9-x86

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Test-GoldenCrypt_1.apk

Resource

android-x64-20220823-en

hook infostealer ransomware rat trojan

android-10-x64

4 signatures

150 seconds

Behavioral task

behavioral3

Sample

Test-GoldenCrypt_1.apk

Resource

android-x64-arm64-20220823-en

hook banker evasion infostealer ransomware rat stealth trojan

android-11-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

hook

C2

http://5.42.199.22:3434

AES_key

Targets

- Target
  
  Test-GoldenCrypt_1.apk
- Size
  
  3.7MB
- MD5
  
  ad1c9280e2720887e64602d87a1cf122
- SHA1
  
  672014038e4aea7eeeafbc289b7538e887ab96fe
- SHA256
  
  5ee21b2ad8525277035379d8c96e9aade1b6cc2f41e4877380033c00e8710686
- SHA512
  
  dbf91c21f717e04eabea4eda52329691354cedd049a90839f443e2ad5b69d0b0db92106cd0ae14bec4c268daed5766993a50d6b965eee66ef11f3ea0e6929395
- SSDEEP
  
  49152:zX6Zo1QPKzvMSjjajd3q/mZ0SWrqf/5uVuM7aaDUm3QBe7kkT/ZjmPsT+9HLisxC:zXkkGstkU/CpsVuM+at3Qo7PThj+EV
Score

10^/10

hook banker infostealer ransomware rat trojan evasion stealth
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps).
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hookbankerinfostealerransomwarerattrojan

behavioral2

hookinfostealerransomwarerattrojan

behavioral3

hookbankerevasioninfostealerransomwareratstealthtrojan

© 2018-2025

Terms | Privacy