hook | b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878

Analysis

max time kernel
2596471s
max time network
159s
platform
android_x86
resource
android-x86-arm-20230621-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20230621-enlocale:en-usos:android-9-x86system
submitted
28/07/2023, 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878.apk
Size

2.7MB
MD5

6fdc277e3f0aeffba6fab9f96cb5e854
SHA1

4160eb58897f1e8ce69a84ff05071abef49d7ca0
SHA256

b11df71b3099e5c86b729985aebc508226cbb1f2b5dfdf5971e5b89ce5e03878
SHA512

a63bfdb70404f1b165fd5cd3b65de04787e8014ea4373c39190abfbec79958666507074ee9bfa763f4f0651aec38302bf8f022bb77915d91b205c1c59d2eeed6
SSDEEP

49152:7/zRG5OQgZKv4v0SWrqj0q7YmJ2VibUnDMaPiQEGCVEyFVdMYx/i:jFGqkvaasJqDMa/EL+I4

Score

10^/10

hook evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

http://5.42.199.22:3434

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.napewejileci.vobowi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.napewejileci.vobowi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.napewejileci.vobowi

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.napewejileci.vobowi

Loads dropped Dex/Jar 2 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json	4148	/system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/oat/x86/Jnwyo.odex --compiler-filter=quicken --class-loader-context=&
/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json	4099	com.napewejileci.vobowi

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.napewejileci.vobowi

com.napewejileci.vobowi
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
PID:4099
- /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json --output-vdex-fd=41 --oat-fd=42 --oat-location=/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/oat/x86/Jnwyo.odex --compiler-filter=quicken --class-loader-context=&
  2⤵
  - Loads dropped Dex/Jar
  PID:4148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json

Filesize
698KB

MD5
2540645e09255150151a743af903a2b9

SHA1
095307d6917f228c0f0528143bc5360fce146a35

SHA256
067f98c619945bee903b8b45668bc68709f1a9375677bb7e2d361718696296f8

SHA512
9e98cf27aceed8c9e2db4026181645ced57f81db70748158f8c651c0de97b0da68bab2708d4877d5c2ff040a129f51de5ddf9cd97d9cfed9d532df6bb659ca88

Download Submit
/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json

Filesize
1.5MB

MD5
1e7c6789ee63f8b4ada1c3dadc76146e

SHA1
4f0dcba2da9941ee1d10eedeac498dfd600be539

SHA256
4e15742cccda2bf219037d295c6247d4925ba9e7faf15336533bb2ae64cce22a

SHA512
3a33a738fafc2f5d21fc76d52fa10584442311f8bfd9231a0084653ebdfb35a8f535ca67b63d842ddba9bceb2157b916adb20d4ccb64d7c3c8f23ca581ecc889

Download Submit
/data/user/0/com.napewejileci.vobowi/app_DynamicOptDex/Jnwyo.json

Filesize
1.5MB

MD5
8ea5fc71d9b6567de54fefcf6397930f

SHA1
d305de0b82bc906c8870edfa28ae2ee0e149421c

SHA256
dbac651117c83176fd8f72ea246b189ea7fc3e436e4768580614ad533bf0700f

SHA512
5f4444b62df5990bc3c01f0e668d74a0a0f1c7bd1b20b204edeae482c189f0407a6098b4be4da9e73a73ce9e0ecda6437c4d859ade76ba067b97b9917edb6a0b

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/GPUCache/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
9f8dafb4dfe9d8464b7b5872f6f7abb8

SHA1
5e3157b26db0416aef48655c9ee66e116aad8128

SHA256
61cdc705aad1af311c134a9f7078b650f215b3abb8ebd996e3276e2cfe978a8e

SHA512
94f6fdf5fe313ad7b3ed2b216cb3a2cb6d13fe591a678ad15aa2cde153139e5540e2565e2fcededab21e5286d61bb8771166c43ecface1160cddfabb4ceaf9e8

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/GPUCache/index-dir/temp-index

Filesize
48B

MD5
788547316eada792ab02cc4fd79b10c6

SHA1
3bd2816a482ae78baee81f8593b95b8b688bc9b1

SHA256
ff054d72ce52e0f36bf9d28b96cdcc74accc07cfc8172df901f0ac7a5d9af57d

SHA512
1529f7d1fcb8fc52eefbb855daf23a3d5bd8d53290724451adb4dda401d089b419d21643de9f4de3df5b46ee47a4182c40a44b1e62bb67ace7db700086dc38ec

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/Web Data

Filesize
104KB

MD5
dc79f9ce5f3ab5270b33e61119dfc959

SHA1
1844bf222a5144b513dcf2fb50a18c011701c647

SHA256
47e65f4de08deabfd52ecdb8b0a29c61c482188b92c36182e2112ca0a8f4ff65

SHA512
18b8894a7f35df516f423bbdebf1e05ce09eaf4345b139e59e603cadb81f8d1fa20f793438c28e8fd9a64e64f0684223d90ce6f10d3f93cb0c781049a8cff03e

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/Web Data-journal

Filesize
1KB

MD5
a1b3aaaf556165718f7da4ed626e61a0

SHA1
a0f98cc67f7da0ced9968e4ddb080ed4d3d7e984

SHA256
9ecf8b6e2caa79abad666ad5a84a083a587e1a500be68adcb84f09832f4af7d9

SHA512
ba76e3e7afbf8366a2b54211e4e3d3e9fc5e5e5cfb5cd1511ade7e5295caa10795d9ef0658b0aed8e65038325f52eaaf2d86d267eafa7e37d96ba4e93251b5ab

Download Submit
/data/user/0/com.napewejileci.vobowi/app_webview/metrics_guid

Filesize
36B

MD5
1c60f7ee5fe294e506c13af21558c5bf

SHA1
37dff4469711ae7994f58bad1fa8fa8e53f6ae65

SHA256
7ec3dc54561bb4f8608a2291f638ffd3cb9fe15ecf6644933c3fa4f7d95e6bdf

SHA512
077261bf5bde5ae1edb3fb2b8b22a95dfcf8e6c01bc8bb44192c414f6a387ed054b1076196aedc0ca34e063e8131a59c4ed97f17839565a9a7d65f4ee3743429

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/1dc40779bb8387b8_0

Filesize
201B

MD5
f95136ce26d419ae7a30de217850130b

SHA1
8520c1b771e600b3ae5794c7dfa55fc6873fc7bb

SHA256
81d6e10447f9a529b76ae81719950eafe12dfceaf6269311bac352284c671751

SHA512
248a2656fb2fe5153e8600e149dfe804d5f631f5dd67dc64de207711a376458504e11012e90faeea508d9fc0ca2d040ffd96667c6a47ade7cfbd01be138cdd4c

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/4c70d54a92cdffb7_0

Filesize
245B

MD5
bec9d05c0fecb3a7c9caa49e2efad9a7

SHA1
34642fc40b73dc8b38bca349779de324f8c74d47

SHA256
c712d4b90bd5f41f2819b432e3f5eaf8ef6175d033a9573bf31639aaa859cc26

SHA512
b062935455762f5e9b8862c5ed2f489360eab5ea370d059eca24c319f7cc4a248256b6fd11edee8503bd917ba50f8531b44bf787378a2db197c5a5f7a6954228

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/74a997b66d0f8136_0

Filesize
234B

MD5
0d915675fb63f2db8deb0ac9383304a2

SHA1
70ca56529803339dea97ed0dc7dc50188c84dc74

SHA256
cd08dc759c78debda56752cc01f9f18a6564b3775591d436d9b292f440792666

SHA512
073d44aac30ce59132bfaf39a529ac1c31c7f8aa3562364f237a5c2816657bc75a75301c72cd6bb2d3d56fd442c2729dcaba695511dd31eb478076858ad0d2dc

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/c4c671fa17cf644a_0

Filesize
224B

MD5
4cd3fdf1031a371edad1c7f2e329d41b

SHA1
283472077c22d64f23037e963ee5fe933865ab46

SHA256
6bda71f033769bbca3cf116c2b1d303e124584675aa5bf710bf8b1b123e27b07

SHA512
bf73a18509ff58f21ae281566f745de39b2eedbf7496b8bfce3938a6f7be91453d71be7b5abb14a49ca0fa1e74a035ed26f9e2e724ef260ae4182d782454f3f2

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/eeb205d44f74f948_0

Filesize
259B

MD5
7a92d8dd67ad13bd48eb84650a2f68a6

SHA1
f23bae6bf50a359cac7d0118027040fe566a5f2b

SHA256
87ea61d7f5d80376ee66a2b7bd7694a5979631c1cfcef4a85b76ce4887bbaf9c

SHA512
770fe453ce9211149f9808817bceebc45cfa5772a30cddd150746ba2be053f70263550e777557a81116c0dac03ad2e180303e1b4078e9c8f17510357f6749233

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/index

Filesize
20B

MD5
93027d42b314432c4216e6cfca48b384

SHA1
43448dd8102979c3926828182579691945eedd4e

SHA256
3cda72e67c62e52a342309c44f2cb3b6c1019c7b11822e2f628e48e254e2b41c

SHA512
a52d13cf7f5be196d1e2f135b8a010f80558c5d35e90e7792441d1c976517d55cf1c9587949db69ebef294cc6ef79529a65e7d779964793016efecacd152f70e

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
6366afbdb4797c6e4d2b4cc7db5f92ad

SHA1
6c695481a62ca19844b5400d7377afe3a52531f3

SHA256
3e243592195c41ef18921ff0ddaf4b77f7712635bb95af14501b57055e6fa687

SHA512
ad69dc25bfd31d9f2e2e76ccb7d545ab698921954f17d7550b9d7a40bccb277055e6cb09305e0be44cfb3ddc48f3676008d5674d8fbdd406da9cfce90c1ec29b

Download Submit
/data/user/0/com.napewejileci.vobowi/cache/org.chromium.android_webview/index-dir/temp-index

Filesize
48B

MD5
54ea06a27c9e3578d9ed51f91c729092

SHA1
0ae002504fc3bc05003c2c9aa92b312caaf6dd90

SHA256
6c58cda0ba4e25cdb5c93987fb6dd6ab5318e99f1ea1e6dd63d01f85f9d8b2ee

SHA512
e5e3fd5eaf3cc164428915cad3a801ef84f19fb02ac72e7bd76efc4b91aeb3b39c7531d463d6fe18d4a6ce7c0156489ebf42cf2017514666520913307730efe8

Download Submit
/data/user/0/com.napewejileci.vobowi/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/user/0/com.napewejileci.vobowi/no_backup/androidx.work.workdb-journal

Filesize
524B

MD5
b5bc4956b77b4ad71215d9520783939d

SHA1
a9e78a29eb1c0551f3b2895b73f11ecafde1a756

SHA256
aa2ecbed7e12284ac9660e986d9dc20fad2962cd445a2f58a8b15dde7b73bd73

SHA512
42daa28bd02888fba840b315fea22fc817bb9d094fd8dee39d738530146e8fed20da808270da728544447dcd5d09bd106efd5b5a335e438331d2562c9ebbf436

Download Submit
/data/user/0/com.napewejileci.vobowi/no_backup/androidx.work.workdb-shm

Filesize
8B

MD5
7dea362b3fac8e00956a4952a3d4f474

SHA1
05fe405753166f125559e7c9ac558654f107c7e9

SHA256
af5570f5a1810b7af78caf4bc70a660f0df51e42baf91d4de5b2328de0e83dfc

SHA512
1b7409ccf0d5a34d3a77eaabfa9fe27427655be9297127ee9522aa1bf4046d4f945983678169cb1a7348edcac47ef0d9e2c924130e5bcc5f0d94937852c42f1b

Download Submit
/data/user/0/com.napewejileci.vobowi/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
17b3f8cb9f6d1ee51e022acc5f525640

SHA1
73a423b3896929ee60cfc28d1fbcd8300427ffc1

SHA256
4baeed18f1362b61578332cf16bd8b0355725edfbaa3d393dcbbdac5a6782aa7

SHA512
379948a0db144e27f9e2b67c49e52bae61ecfdb69a95c9fad4e0a65627442b63d58ef84d4f314f3ec18eb5b6d40af164e045ba2d6eef6f85a0b41e55093252f4

Download Submit
/data/user/0/com.napewejileci.vobowi/shared_prefs/WebViewChromiumPrefs.xml

Filesize
127B

MD5
21223e9184445fe043476484cd8cb1f9

SHA1
2b4813f849121d60ba35eb0889080668bb62c778

SHA256
bb61b7c087c2ae2de93a7740ff75707342940557146366e92b840284cd9446af

SHA512
be21408de0cc643650e5d9ab9057a8f9de88e37fbdc6417cfeba160402ec4cd14fccbc82cbbfd941ecfc0bb3d4056ee61ac199efdc99d647d53e65818835fd48

Download Submit
/data/user/0/com.napewejileci.vobowi/shared_prefs/settings.xml

Filesize
136B

MD5
41346964e08501234234e453dfbc2aec

SHA1
1990a024aa757348f964e556e12b8aa659953157

SHA256
0084a6aa25fdfc346d47facd490f8a9f7d796e4c764c4606890ed3cad57d635e

SHA512
dc9c31eac44a48185a2e404b667dea9e1899cb56d09116c3a5ed33ea9e98821670914b17e91196efc51f89269986f4e848ffb05e6f88da5b136764c07dde3512

Download Submit