hook | 461667544a618419230b256af9d682bce6c3238977bcc48144015f47c9550b74

Analysis

max time kernel
1245007s
max time network
156s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
13-02-2023 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

461667544a618419230b256af9d682bce6c3238977bcc48144015f47c9550b74.apk
Size

3.7MB
MD5

de61a04de576bfedceaf777d00c681e3
SHA1

ad76e12bfafe8e2c837259793a8aa8adc69ad55a
SHA256

461667544a618419230b256af9d682bce6c3238977bcc48144015f47c9550b74
SHA512

eb4b7b68843850e7d9d3e22870f28e5992e2ea3224640388d47180737c970a7fe3481633175d64f176cc281d33cfc8932b1a3a7852fdf98e5ce9d9d92bfa6980
SSDEEP

49152:ZcRgbYP8p8FETgu749/zzgzO4h2YEhs/o1ZIa4zxIOnJMkSWrq3/PHOOK+lMyfsH:ZcRgbYUIfb9rU8YSJ99MKVZRiyfsIMbt

Score

10^/10

hook infostealer ransomware rat trojan

Malware Config

Extracted

Family

hook

http://45.93.201.92:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

Processes:

com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv

ioc	pid	process
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/rr7wgwovr9/wufulgggfswwoug/base.apk.fwrjerw1.t5r	4764	com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv

Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
ransomware

Processes:

com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv

com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv
1⤵
- Loads dropped Dex/Jar
- Uses Crypto APIs (Might try to encrypt user data).
PID:4764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/.com.google.Chrome.7G1QIS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/GPUCache/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/GPUCache/index-dir/temp-index
Filesize
96B

MD5
34f1d13386804ca7148c59a1821142fe

SHA1
e14b99905a6a6eb520ddc58437e2414d9d68333f

SHA256
1c77ebcdcefade8fb49cfb366e596c31f2f71ef47bdb996719e5a3f7ced6e711

SHA512
f2d209ea430bab7bd26c6c1fc336054b594db1f8a012558b7fe3ff32c4dc788065244033866998f0bea00b63fc74b48a3c8844a653279c54981490525c617b8b

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/Web Data
Filesize
112KB

MD5
b663831f8cc130493476d94f2d7a5330

SHA1
043a1956ab8e40821d67043f8a9110a8eb36fb93

SHA256
c109aa8bfc364d5fd0756f1c9d35ee3d6df31325061ac70d8469f28cfc882ab7

SHA512
e8ee923192cdf16318febdc23362f3eeaf5c914b923f80cd3a91a2e83e94bced54460d4ef1e54accc26a7d54b89e2e10c00097e60002cf6427298dc5f18fed16

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/Web Data-journal
Filesize
1KB

MD5
d4c204a1ad0be4679279ab4e7c217082

SHA1
38408ba0d3b8a8527f5a090c42bc8d1f2b9e49e8

SHA256
c5cad4cd882df088627987db97dac7fcca6a05e032636902112ceeb18bd9b089

SHA512
be15d5a62414d832bb85a9ddac5c23239d8749f7c8e67ca4bdbdf198d3a2b38f6ac9e8ed72207cc8541f21b954f929dfb04eed87ba70eb6e8029b36f8c190560

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/metrics_guid
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/metrics_guid
Filesize
36B

MD5
8c7e82c587e0da22bdc88aa7e6f8e88b

SHA1
b3a04e7c6731e78905c41964648607ce9e93ac94

SHA256
318d41dfa9905cf3d390dd0d5b28d14412b37af1e6b5e548c473ee322b0338a7

SHA512
dfe82a80bb90e2fec362fbacbb8b8bc847ed3bfb7dd5d3f2e74afeef92aa89de3f102f681912ba2def9fa191165c154de0438ba9ba6e3a901376fcf2328a44f7

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/variations_seed_new
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/variations_stamp
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/app_webview/webview_data.lock
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/cache/WebView/Crashpad/settings.dat
Filesize
40B

MD5
3e4f85d1ed7f04c884b40bb2c46e2565

SHA1
59cc33a0de79354fe8ae8991e8024d2946febdc6

SHA256
550658b0b3e22eb2364c5a79bdf178a3e67fd45efac12fa88a8dda6d3e11a8cc

SHA512
9d2a4e0203a223b954affed8cdca70bcc69428f2660a292474533560c87f763f3acde10b32b2b3381c8771b4eb39acf31ce21bafd3a346f0077b59f644494e67

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/cache/org.chromium.android_webview/Code Cache/js/index
Filesize
48B

MD5
6d7d499960179766cd4261d12dacc411

SHA1
e6f8553b0015e12b23cc551afe98763f3b1c9bed

SHA256
c96ac03cfdbc6f4c1bdcdf764f1a6573f852e7aae5ef405969516b93ed271182

SHA512
6526c668477a01a850b8757b77dd3e7be27ad1991f5cf777685efcb03a21f31b71f6eae00f326931599baae4b16360e33e3d0f2894f1b2c1753391df02a14547

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/cache/org.chromium.android_webview/Code Cache/js/index-dir/temp-index
Filesize
96B

MD5
6d5420c09e3d9b228edac15f024aa91b

SHA1
a10b7a265cecf99b13f98ac4812ae2bba401f67d

SHA256
deceb0136935acd5dcc420fde93ce7d3ce6911dce588de946bb2ed9af66d8c7f

SHA512
8e8e7cfc36fe90287f57f2bebe8fa09fdcfa6872b6d0ac8f1a4cd9aa42e46ad9db2d0c1439d597fb8be761f745f2bcdb88001ae4a8b4e07b54a158a5c3714820

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/no_backup/androidx.work.workdb
Filesize
8KB

MD5
b6ca8b30661a7844ed292db75a29a953

SHA1
8e0d397ab1f2ced1f143829084c3f53333743bdd

SHA256
63a219c7092be26641907c5f955aa977e7675e3922a8e4ee2af25bfed8c7bbfb

SHA512
d21ce3adf13d61369708ea000438f626973f20b08ca05a744c1cccb2d5e7c264a8af9c3ebd18a7a6a464d38e1c64146f8e881d29d71a0484dd94212315f6dceb

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/no_backup/androidx.work.workdb-journal
Filesize
1KB

MD5
07dbb14d5e560382f9cd30be3cd5b70b

SHA1
cf51a2c8841c4e436316f236fe25afd9dfaf95c3

SHA256
227eae59058e870f185da14d9a78aacca3d8171296238a733382002af64ac0e7

SHA512
4efcad9b2b8371ef520b9cd73f80fcbf3b4363c438c219b2318d02bb8fe18b9eed167d30c2e419cc2b9b7172b3bca9f97cabea9591b772e45cb3529fc9b85368

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/no_backup/androidx.work.workdb-shm
Filesize
16B

MD5
4ae71336e44bf9bf79d2752e234818a5

SHA1
e129f27c5103bc5cc44bcdf0a15e160d445066ff

SHA256
374708fff7719dd5979ec875d56cd2286f6d3cf7ec317a3b25632aab28ec37bb

SHA512
0b6cbac838dfe7f47ea1bd0df00ec282fdf45510c92161072ccfb84035390c4da743d9c3b954eaa1b0f86fc9861b23cc6c8667ab232c11c686432ebb5c8c3f27

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/no_backup/androidx.work.workdb-wal
Filesize
346KB

MD5
9fdacfc9f1a051233754d31447439e22

SHA1
ff06cd7f28ccf0fc885db03fad555aaee73472ef

SHA256
b3e003382f6fa6090ed7b51201a8c82ba4d00efe195882d591c34e43ba419cd4

SHA512
5630f9c6c9e19d6fc17425329bc991d8c7ecc46e625f6ddda8de35dd631512af814e4c0a76b9736a1b4ac05f6ce9b19b60951dee292e2c1dfabf891ae11c372f

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/rr7wgwovr9/wufulgggfswwoug/base.apk.fwrjerw1.t5r
Filesize
2.0MB

MD5
e0b52be632be5eb5c1b16f48e7cfc448

SHA1
32abed0e3399d5010a41e022e9bcbe3ddd38456f

SHA256
b43f7231b2f4428f2b38168755f89a8de469925e861c23ab7803c3b23fbb9165

SHA512
72f84075971054f529c676e8685e2fd9cf911e394acf31843b787a77c0d865309489351f4996fc3d742f8c9326be6a62f44d36af164ee0085af10aba84fc9e87

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/rr7wgwovr9/wufulgggfswwoug/gjurkbgk.djff
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/rr7wgwovr9/wufulgggfswwoug/tmp-base.apk.fwrjerw313452631923146844.t5r
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/shared_prefs/WebViewChromiumPrefs.xml
Filesize
127B

MD5
6ef709b8536878951e87c29a1518fc2b

SHA1
24376c70b00152501b3d98df61fa7db435339172

SHA256
10b13d894f36d4391fcc31313a244d5f6cd89c8e8c03347282e281c4af13c0a6

SHA512
96547eff6779251a5c4941e812ec56ed273e9270265005723e1f2864688b04f3b852a90145fba4ea0ddf1e02b39d99e33d28f761b07a04d46e0e4257d8909ff9

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/shared_prefs/multidex.version.xml
Filesize
307B

MD5
76e37070db51783172f0e8fa37e5bdc9

SHA1
e48c224d882b581e1395cf941a451e42eef15dcc

SHA256
01ce15d0c82514f50f39517e4e8ad9b21b0e533b80cdd64a0c6af2946d92ecb7

SHA512
7bde3cfe245c8cd8d3edd32bcf50fcc507b37c235e3163a0a0a4d0ee1073f0486a66a6e09963ec594e45235d88ad2a83a80f85521533de188d98ee3d7b6f9800

Download Submit
/data/user/0/com.cmdomdoz.bgxcvvyj.zmwjypsw.oyvfwgnv/shared_prefs/settings.xml
Filesize
152B

MD5
37a5018377e89fb59b6151daf70723c6

SHA1
9974cd7cb2e9d609e0f32c73d0d026c3bb1dec4f

SHA256
6d18fe3bc31cf6039f7f6ab7ef92fc7f84f1a2266438b29883a45b79025e98b5

SHA512
86483729a5630927b79fdccc36ba036ba8d6095cae174232423ec30fc2c2f3f1748218b5c3c015ef99ba60833b629f933e15b991533cdfe945b2ca02754b086c

Download Submit