Resubmissions

29-03-2023 00:17

230329-alflfafg2s 10

27-03-2023 10:02

230327-l3abjacg95 10

General

  • Target

    YouTube_obf.apk

  • Size

    2.6MB

  • Sample

    230327-l3abjacg95

  • MD5

    9a04cd4b51e74d6951c2c7f78cb0b7bd

  • SHA1

    791880e2417efebdec3bb56c66d9ac18e32c96d1

  • SHA256

    e4fc786d2c691c5e735db758881b9f7a455148615a4bc140ba286a1caab4254f

  • SHA512

    add5a5cca243b1260cdb635d18ca0addaec009f32ca6fbef5e6a8c3debe92c65fc35ed78bc40f6efd1eba6bb004976b7242385613ffe290e5789765456d65947

  • SSDEEP

    49152:5G+mYa9G5wqCZhjz6UYSWrqWZJ/9h0D/Yw36O8RJtnkats10N4NIJ:5GYa9G2VGUs9eb8RLnt54NIJ

Malware Config

Extracted

Family

hook

C2

http://176.100.42.11:3434

AES_key

Targets

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Makes use of the framework's Accessibility service.

    • Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).

    • Removes its main activity from the application launcher.

    • Acquires the wake lock.

    • Loads dropped Dex/Jar.

      Runs an executable file dropped to the device during analysis.

    • Reads information about the phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (might try to encrypt user data).

MITRE ATT&CK Matrix

Tasks