hook

Resubmissions

08-09-2023 03:26

230908-dzpm2sgc54 10

01-08-2023 11:42

230801-nvdp4agf6v 10

01-08-2023 11:24

230801-nhn1asge81 10

Sharing

Copy URL

Twitter E-mail

General

Target

Lol.apk
Size

3.7MB
Sample

230908-dzpm2sgc54
MD5

10f5a518febd8b0b08b7f69982bc0a7d
SHA1

77137ca4881b82a9baf3dea99e03ce92c89cc742
SHA256

238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
SHA512

52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
SSDEEP

98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score

10^/10

Malware Config

Extracted

Family

hook

http://193.233.196.2:3434

Extracted

Family

hook

http://193.233.196.2:3434

AES_key

Targets

- Target
  
  Lol.apk
- Size
  
  3.7MB
- MD5
  
  10f5a518febd8b0b08b7f69982bc0a7d
- SHA1
  
  77137ca4881b82a9baf3dea99e03ce92c89cc742
- SHA256
  
  238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
- SHA512
  
  52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
- SSDEEP
  
  98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b
Score

10^/10

hook evasion infostealer rat trojan ransomware stealth
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock.
- Loads dropped Dex/Jar
  Runs executable file dropped to the device during analysis.
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
- Removes a system notification.
  evasion
- Uses Crypto APIs (Might try to encrypt user data).
  ransomware
behavioral1 behavioral2 behavioral3
- Target
  
  amap_resource1_0_0.png
- Size
  
  24KB
- MD5
  
  d9e612e434d8ca593ac46be40ba60728
- SHA1
  
  5c306bab17293463b336017e4c8d4259a35795e2
- SHA256
  
  89a8d43f11c1c61827938c9b81b8ec165f87e9cf65d07e7b8e10ab5796ac9984
- SHA512
  
  e78b351826e91c0e4500ae768018274c99fc283d8f083289d19af661eedf7bda6c685d655dd8a1cef70bc2937fec4e5b91b40be13b9047848aa5322370f61968
- SSDEEP
  
  384:cNxY1sTiUwgYBsutSLGHIjJyo6oAJUXBnym:YxY1sGgitVoQoAWxd
Score

1^/10
behavioral4 behavioral5 behavioral6
- Target
  
  consentform.html
- Size
  
  27KB
- MD5
  
  7a2ed1a6df8839dd8936a86d9edccabe
- SHA1
  
  7bc1af528444afca678905059cb1ba9fade65352
- SHA256
  
  d02fbd55c1b5da3fa1f77c52f5633421395a3bf228457521512b37cdacd65f9c
- SHA512
  
  ea0c3e512b37e340f4c0a49196344f1dd5aef38c469ba124605518e913be601a5b6a92a50f00e962bc90041bb80e51480254c7902032d894b7d24be5aec47097
- SSDEEP
  
  768:wEh4FOT6bJdK0D7fkvaqF1b6cY4c5rC28c54NTc5Jt:th44GbJdKoncY4c5Wc5wc57
Score

1^/10
behavioral7 behavioral8
- Target
  
  libByteAINN.so
- Size
  
  25KB
- MD5
  
  294f72d1b19d84e8a19fc03710d4d18f
- SHA1
  
  58866b47c67d6342f179ccb23ef6d02700cb7fc2
- SHA256
  
  5ad186fd86215409024a6107777fee18aedef41b10b876e4b57f6ba6934021a6
- SHA512
  
  94180d818615b458728d44496a63980e622ec70650e62f7cb2a7dd04db72db2086910d4c52b63b6277a4ef2f706cd9751b8204872b15bf0c696826d0f23ead54
- SSDEEP
  
  384:aGq20PXEJzXeEn1Bo1c93D9WuX6LbFRJ2D7Q4PrFZeRM1C0qF4:a+08xeEng1c1kFRJw7fHB
Score

1^/10
behavioral9
- Target
  
  libbuffer.so
- Size
  
  17KB
- MD5
  
  bae9abc18a78869bc43b77db2cb20ccb
- SHA1
  
  1062f5a1f64ab1cd544ca56811460d16b234c496
- SHA256
  
  4394772b9d0ab2741ce3a1a0da1c90e25c31e5bdb27dd0c0e4d2b79700ba43be
- SHA512
  
  df660892cd1817350e1b748095279b3a58c6bbce7ac382af29ea553bcc7cde73b15bb771b2d47f7d1c191ebb1cf50745785abea703506f06ef91cea7dca0d015
- SSDEEP
  
  192:qYX4yau/lcS2OqOQY9b9qjAT8c77Rw38grDxYjpjUxTYczyWNQqOLC83kEgh+zjM:qYo+2OJQYXqjM8cRwrrlYNGvBQZO
Score

1^/10
behavioral10
- Target
  
  libfile_lock.so
- Size
  
  13KB
- MD5
  
  d3c138aba4cddbc41aa55fa279b5a29d
- SHA1
  
  463be46ba1dbb9f1eebda1889fd849b77ceb852d
- SHA256
  
  7f463cb69e520b9dc34ece51098df18f240b998cb499c344e228da5437fecb5f
- SHA512
  
  16cc21c08b8aa3f052a506d97f42a70c4a6f405d1118f29f3212627ebe07ec18c4f6726ab81ff2c84ee371f315146cb5affbac64fa4d48811099f66e5b784643
- SSDEEP
  
  192:ul8mOqxbY84ED+An8C77RwZvfrDxYjpjywkNQqOLC83kEgh+zLuydmxmEfuY:c8mOYbYuD+M8CRwZfrlYNm/QZ1vY
Score

1^/10
behavioral11
- Target
  
  libgifimage.so
- Size
  
  25KB
- MD5
  
  7ef8b5518b1061f818f54d1700d31474
- SHA1
  
  ceb27e1801e6b62c445fecbd76427d77c7dccf38
- SHA256
  
  0a19cc68820922c82e9f1911755517ee6846de43e36fc8fcdc255b43be4c99c4
- SHA512
  
  19d96a1821b1deb27448da0a44b1d3a78feac532be14ea562fac2a89412f5822f2ec2db1082dd6febaab9e11ff50b977d0b28f16b2ea1196627128bb52b4779a
- SSDEEP
  
  768:qDdChEZEMlcB4F/sqetilpCOamSY5MaQi7XkPVAy:gASu4F/JeYffnnO4XcVAy
Score

1^/10
behavioral12
- Target
  
  libheif.so
- Size
  
  17KB
- MD5
  
  814abcd25a3f828c621800d779779e39
- SHA1
  
  6264132b1f1f092ba999d14ea6c9c2714a56a46c
- SHA256
  
  4f52c4161978d971149aea80253d52a5fe35371d836c7c19d2630b26bb03926e
- SHA512
  
  472a2826cfd9a485f685aa90f0554366f8b7f65b54a31599ee66cd92ce345404e6f1ada904cae37863c530daa0740ee6041fbf241649d54c7d39eb82e9a486ff
- SSDEEP
  
  384:oOx6wIrBIebtYE6bEOMcwrTBA5FP5qHSu1kmgKTTDWe4DugN:1xNdebKEmEOMculAzRqyu1kmg+Gbr
Score

1^/10
behavioral13
- Target
  
  libnative-filters.so
- Size
  
  13KB
- MD5
  
  76661d1bc4f7ba8b18e1378ad1651945
- SHA1
  
  b9cbe3d37765016fef9bd959d19c8c9bb879258d
- SHA256
  
  3769105e848e5f31321c5826bb813c121df59d5768bb0ae067000cdbc0385284
- SHA512
  
  150cee7a9863ef41188ae21c357c0fe102ee87ba0c87082cb81e2de1ffd20fd65070a62f78f546d9102176504bcbc7a55778eac08b50b8380d838db8bac6cd5b
- SSDEEP
  
  192:bIT/E6dXAb58jjNgw5BfFcizuhBRjZQyzA:bII6AbaiUkYl
Score

1^/10
behavioral14
- Target
  
  libnpth_dl.so
- Size
  
  21KB
- MD5
  
  8dc3d94473cccde59e7292ff870de22d
- SHA1
  
  bd26d28b944318acd3fc074ca56e912b4bf7d577
- SHA256
  
  118d6ee6ce164a2b0e368941c354f5e10f0412f7a9a2f4be88095eb71032b867
- SHA512
  
  d114edf4d41a5a2df2dcaffc42e790b18c010fc5c6a9cbbdf522e13dc7d2caf96033cd4f037ac1882ac0a8aca22d5c85daf3dca0b85c6115cb8f0927bd4f7875
- SSDEEP
  
  384:NAS2ztahmoNP50NqQrrS1eN6rv5rquE7ETt/92ejVcWE:qSOahmGPmSMN6rv5rquE7wt8WxE
Score

1^/10
behavioral15
- Target
  
  libttmverify.so
- Size
  
  5KB
- MD5
  
  5bf666b25917c5136f9b3765fce01abe
- SHA1
  
  5196a1d731d54c78bc12ca5f97cce60320713bd9
- SHA256
  
  3ec7ddbb824da916144a7675baf3d0aa745ff6239f52a6bfc08c3aa62c065a91
- SHA512
  
  d2fb8c9a7224d268dc4e5020cfd1f356e0d4912d07a6bacd39300bc902736c6edd4302e2f56ee9d80970b834def539d26425ac9227692d540469a0073c23443c
- SSDEEP
  
  96:ydc0FSA4EnvPD8JqMqpFPAH6PGFrDJKM0QKPDRN+72OP9OO:uTL4ML8JXkFPnwrVd0XRO
Score

1^/10
behavioral16
- Target
  
  libttmverifylite.so
- Size
  
  13KB
- MD5
  
  ab11d56d5667427bdead609df8a48fb1
- SHA1
  
  9d2fe49bedf73b96d2f7817a44187925c93efcf7
- SHA256
  
  fa6a26f7804e7d48d993d6fbed37477daff7f041c0d64aca22446f79599cc7ba
- SHA512
  
  c397f70a70efdc8941b22f6aebc42257e3d00707d615ddc88df35cd0b496b27ad8f7b38f4069a1f00dc1b68e989edd8b9bc25f68baa0660fe3e8a4b4e44c0acb
- SSDEEP
  
  192:tX0PpbK0mgjeR0eJnnZbpLKqQPiVvp79WGgMT/g07aeJapsrmhB8UyOOwaERueL:ePlSJdp2qQPo7Myaes6rSyOkK
Score

1^/10
behavioral17
- Target
  
  libvcnverify.so
- Size
  
  9KB
- MD5
  
  f4fcb98ae4e064770a34206e96fa9fa9
- SHA1
  
  872df0cb023a660670a08dd67c6624dcda5a2d84
- SHA256
  
  79c0be499062ae770dc3120482ef9d64574c8f536784dde939db12d1923e10e8
- SHA512
  
  9bff3315749bf080d7b74004f4140cfb94b662fd5e6e81a22cd4305d91da087e0f0db79adbc3a2d2b03b39b4617405d4cf5113cfceff12d16523c7686fa9b315
- SSDEEP
  
  96:k3GrsrqSGq7Y2/qn389wiHqIqcH6MZDJatsRZuqz/oYls+p84Y6:k2fqtiYwiHBwaVSouqrX
Score

1^/10
behavioral18
- Target
  
  libvcnverifylite.so
- Size
  
  13KB
- MD5
  
  6b7d64109555b77c7174e3df4b0e016b
- SHA1
  
  cc01a400908b7fefd5ddc9465877e170d2c6a9d5
- SHA256
  
  2b8e9b12fa45c44ab3e387cff08e3bba9351b18ab8a6bbab910f96ee32866085
- SHA512
  
  854b5afbebae0d927aeb2c1584521af350c6a64b406a7a37a6ef3e512a7208ee6fa010fc47387883a328c74d883126918bcc9b9eb591d671fea49c94584fe09d
- SSDEEP
  
  192:10g4mcZPx8NnxC0+rEHI6qBtoYC4bt0wayHf3QoTCUxr+:Gp8NMRaIoToTlK
Score

1^/10
behavioral19
- Target
  
  webvideo.html
- Size
  
  8KB
- MD5
  
  4ba03c614e0ea16cdef91527150a6c5c
- SHA1
  
  7296413150216d1b3953967de9639c06da9bae2d
- SHA256
  
  ba92c3762d1b6c9fd6a96005eae28b75879730df37d4457c84a6c161a8893e2e
- SHA512
  
  ab9a4fef3e5340d9966d11fb4a26958f2c8b1bd6c689ed89cc120ff62c6ef0cb6551c3c446d9a8490fc447e9f5e8a4bea985977039f61a5e53a42b875e811ea2
- SSDEEP
  
  192:QBM99sHZgRn18un0yIui8juWVJ3o374BMCi01Ku10z3y041HGvqUlLI5eqOBhOB3:6M4tBui8juWnY7CiwdTL
Score

1^/10
behavioral20 behavioral21
- Target
  
  zepto.min.js
- Size
  
  24KB
- MD5
  
  7598fcbafc0b7799c99f1a0270dcf2f5
- SHA1
  
  ee8e0c54293aefb5709ececbdf082f8091ad5e49
- SHA256
  
  27f6c0723a8c90ef39d2894d0058897f4d95586c19b78567a5fd374f76540756
- SHA512
  
  f1d5880121cf3ae2fd5db912ac24f9771605ac848c736cfb44b135a25301bcbbf21e15903c861ea1428f9519646a85946f3b75e3258c082980e41218240e7113
- SSDEEP
  
  384:JFKMZFWEkbr9f4w9/3zN3+1MlSWsam0UbdgTWa438rUYx1:r5kppvVMg6AB
Score

1^/10
behavioral22 behavioral23

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Makes use of the framework's Accessibility service.

Removes its main activity from the application launcher

Acquires the wake lock.

Loads dropped Dex/Jar

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background).

Removes a system notification.

Uses Crypto APIs (Might try to encrypt user data).

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23