hook | c3a68f5783001da938ec752fe34e9dca921f190bb65ed408a873e72be7d25236

Analysis

max time kernel
1939311s
max time network
158s
platform
android_x64
resource
android-x64-20230831-en
resource tags

androidarch:x64arch:x86image:android-x64-20230831-enlocale:en-usos:android-10-x64system
submitted
08/09/2023, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lol.apk
Size

3.7MB
MD5

10f5a518febd8b0b08b7f69982bc0a7d
SHA1

77137ca4881b82a9baf3dea99e03ce92c89cc742
SHA256

238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
SHA512

52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
SSDEEP

98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score

10^/10

hook evasion infostealer ransomware rat stealth trojan

Malware Config

Extracted

Family

hook

http://193.233.196.2:3434

Extracted

Family

hook

http://193.233.196.2:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dogilowopuna.zico
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dogilowopuna.zico
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.dogilowopuna.zico

Removes its main activity from the application launcher 2 IoCs

stealth trojan

pid	Process
5031	com.dogilowopuna.zico
5031	com.dogilowopuna.zico

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dogilowopuna.zico

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json	5031	com.dogilowopuna.zico

Reads information about phone network operator.

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.dogilowopuna.zico

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs

ransomware

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dogilowopuna.zico

com.dogilowopuna.zico
1⤵
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID:5031

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

Filesize
3KB

MD5
56bc61cdba555f6582540869ec8fe271

SHA1
244b10f2efb70d11f3cf84ebaf9a80fa39f2c29a

SHA256
7e0c6587f00e4fec3cd96ca4e254dee5deb33fefab03bff91989dab71322b529

SHA512
106517a754898132c2bbf25be98028d29a40f55432f6d1f67f80f0fccb0b78b1ad419d72844459379a52a4e9ff449372a3036fdf8d512bb97032b695fe57cc3e

Download Submit
/data/data/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

Filesize
4KB

MD5
48028f51bf0ca890b47eed26f79dd124

SHA1
043b4057ab840d2a757dfd0e39a7d3d28b102dad

SHA256
9230c5f6fad5bc382c69c0455a41429c3fedddb42eaf8f27dfcf7d6105189eaf

SHA512
9b1b450088902b596609cde9e1dc95e84e753ac3c28ddd180f2540a2115b658429f4d137c3b3db9aa806c2b6982dc773625903ad84f99e8d0ed85364907a191c

Download Submit
/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
704KB

MD5
9bfea1b2027ec1635c3590e0ea14e3cf

SHA1
9cc1ea7f49e361961be1f5d2ab43658d41f86d59

SHA256
f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4

SHA512
4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

Download Submit
/data/data/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
704KB

MD5
4c5cc08fbf8fe10e34fc490fef580f3c

SHA1
92f11a0ec664e21d5546109af27ac481d4741b8f

SHA256
604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878

SHA512
f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
42b7215d177165d04abba1d4817bfd5d

SHA1
096319e4b92f607061d94f7265b18681818337f3

SHA256
997af1c2230f6a25f1986f0a3de5b544da2842e3d778557e1e8372777bd813f9

SHA512
6344dcdd7d51564e75c71dfcbfe9d5557bb192868d8e44b12cdd62269879c7df3799a8ba6a0ee91c005584a03260feeed28de15ca0b381cb06c881f803c3266a

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
826b6d41985b5698fff57505be4024f2

SHA1
6d4244fcf86956f3f051bdc8c0558b64c8574287

SHA256
4bade3874d5cbcf71a7b33b29ac8bd5f3854a62a0c53d68dec7d90ce681916fb

SHA512
aa100389105aa5222f87a9ee0580c0193ee3a2b14fdd4352474359584177857923b106e53709580224c3c45b79d306fcecc9491e2d38a9f97d5dd30130f7fc22

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a0c57d53d86db22ef72fbdcc7ade2b84

SHA1
cfa776924cfc272c05418450b6322e4189923dc4

SHA256
4a0ae8de4ca264b2ee951bbbeebb3882eb93f4c644d45b2126c6d60479e23f06

SHA512
9700f5e61101663c3636d151b8c3635be8d8729505d8d82e366adbc04e561cd4f5098638b4c6c05f6765a09798d3d51410ecebbe006f4185655f3593186d84a8

Download Submit
/data/data/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
1a96ee16122008d9842c7937de307dd3

SHA1
601f3a661559a54b0777c6dcdcb105d22b74273c

SHA256
6659332746e8a39f6804819b15f8bffa29bf9ba51c0f812e0a29d12b0b033c6b

SHA512
c4b2c87070543a7d2aad60e8c5d17b47925f75e9a6c589b43b6fb57b773eaa0072c400f8416ad4a376f0e8ceeb71cfd4a03cc2deb59b81af9ef2056078e3cab0

Download Submit
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
1.5MB

MD5
cf80a0964d7adb2dc9ab389185abcff1

SHA1
a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea

SHA256
f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed

SHA512
ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads