hook | 849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5 | Triage

Sharing

General

Target

849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5.apk
Size

2.9MB
Sample

230622-hqk1qaec4s
MD5

24d1aff4e64ab4975046256cd84f364a
SHA1

87eb2a30eeb048e1a061a4c0c1694284ab0e5f79
SHA256

849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5
SHA512

8e525f2cb247d73da8e4010e90b9bfac39dccff66a22fd56c893a867bc3aff0c8c937c6fa073c52965a76de3786638503a42ccba97a5c07d463e9f5928d43d3d
SSDEEP

49152:3mg6ICINcBQ4nCnzvMSjjajduVSWrqd/+kog2AsjwPVTxVhApUfmL:3mTDJatkP+dvjw99r3fe

Score

10^/10

hook android evasion infostealer ransomware rat stealth trojan

Malware Config

Extracted

Family

hook

C2

http://91.215.85.22:3434

AES_key

Targets

- Target
  
  849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5.apk
- Size
  
  2.9MB
- MD5
  
  24d1aff4e64ab4975046256cd84f364a
- SHA1
  
  87eb2a30eeb048e1a061a4c0c1694284ab0e5f79
- SHA256
  
  849d6e94305a096826f95d313f799c7acc95aee57dc1163b7654f0c92b6f5de5
- SHA512
  
  8e525f2cb247d73da8e4010e90b9bfac39dccff66a22fd56c893a867bc3aff0c8c937c6fa073c52965a76de3786638503a42ccba97a5c07d463e9f5928d43d3d
- SSDEEP
  
  49152:3mg6ICINcBQ4nCnzvMSjjajduVSWrqd/+kog2AsjwPVTxVhApUfmL:3mTDJatkP+dvjw99r3fe
Score

10^/10

hook evasion infostealer ransomware rat trojan stealth
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Renames multiple (140) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (234) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  noconnection.html
- Size
  
  161B
- MD5
  
  856bec178dc0b1c9db20f147ef93d86e
- SHA1
  
  426577810cb9e2123e3490eefd71153bff28f4ae
- SHA256
  
  8df9563fd4ec286f4b8e608a7f10ac16be1211cbd028eecd269c7c0e5979656c
- SHA512
  
  cfea8fac891818a3c5bbaff4adef3172049a19ddcddf9ce0b55d51507a443da6a116c022d457cff1de3c789576292d522eb74e7efb02a5fe00c38185bf86bdc9
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  policy_content.html
- Size
  
  32KB
- MD5
  
  a1356a5adbc941d1ed5dac6d201752a1
- SHA1
  
  90aca8bb6b2cfb2a6b06ff25614534b8d399de10
- SHA256
  
  1b6d7320b92cfaefe70ffe794f80aac6c54f677f068cb4153d12374f07b0f220
- SHA512
  
  1019868d41e534849759ba59e41fd7aa3ee34641fa2c48f30db339693f1819812f0ab60af346c16e0f36253168587ebf931fe169b4c3ed200bf90f124555beb8
- SSDEEP
  
  768:xDUPeD0UqI4+9azTqSRCc86hffDGBLo53EoOqyhhkqkC9:BUP+0UqI9J6CgOhIC9
Score

1^/10
behavioral7 behavioral8 behavioral9
- Target
  
  slardar_bridge.js
- Size
  
  2KB
- MD5
  
  6ae2bd17c123f6421408077ba25514b8
- SHA1
  
  960f2405a0222cd98d43cb36d585f39674b2dc35
- SHA256
  
  67ed9d7fd80d34270b8a36832f548e94d479b3675eab1dd11590d56c2f285ddc
- SHA512
  
  98786a8e9a4fafef3d73acfe45bf2ccfc73bc2945640c1baa4c0937d005b9d29c1c9355144930fecd0e31c4193351927936c09e41d927b5b61a5cf3d5d55bd77
Score

1^/10
behavioral10 behavioral11 behavioral12
- Target
  
  slardar_sdk.js
- Size
  
  42KB
- MD5
  
  b13b02338702953aac52bafd67fc72c0
- SHA1
  
  4aecd94b6f6cae3973442032cc9eb0f971f09877
- SHA256
  
  97f24566e7dbc114a47c101c5600471192b98e832b06f3871fd23fc9e904d631
- SHA512
  
  3ffa3e47e0777c5b4a0b6b225f203d7f90de7549c5d7e72f5984880ff86afcb9c4ef7fe4c042691ee102268c3e7f95fc8b3434c632c0350a36af969b78a7d537
- SSDEEP
  
  384:ZexhJkqJBcnSCjdLqbTen/ZNHKTYBB6kfmKyWiIoSBQVfM22sBQggv1dq0Gvwk9N:UxZunS0b3v1gPBi1evwHRCVNJ4Hk/kmX
Score

1^/10
behavioral13 behavioral14 behavioral15
- Target
  
  terms_of_service.html
- Size
  
  37KB
- MD5
  
  fac701b30a0710cf8a8621cfea47425a
- SHA1
  
  6a18b24bf095197d1bcb101a99b44d5fbcd247fc
- SHA256
  
  74a5c8ccf4a38f31ca60eaa550583756f2c4022b174f8899316de83847902914
- SHA512
  
  861ed00900efac68e36ce60e6ddef20208c6b12fa06e4d0f57f39860b8e14d93ea8a9e659f8bbf7237a856a50d3332f3bf3b59ea522d3ac947fbb52f0c2945b8
- SSDEEP
  
  768:3919uv44m3S8RaYwkwr7y26DP3eUvEUggAw:3Mv4b3SsaeW7y26DWdUQw
Score

1^/10
behavioral16 behavioral17 behavioral18

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hookevasioninfostealerransomwarerattrojan

behavioral2

hookinfostealerrattrojan

behavioral3

hookevasioninfostealerransomwareratstealthtrojan

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18