hook | c3a68f5783001da938ec752fe34e9dca921f190bb65ed408a873e72be7d25236

Analysis

max time kernel
1939312s
max time network
158s
platform
android_x64
resource
android-x64-arm64-20230831-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20230831-enlocale:en-usos:android-11-x64system
submitted
08/09/2023, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lol.apk
Size

3.7MB
MD5

10f5a518febd8b0b08b7f69982bc0a7d
SHA1

77137ca4881b82a9baf3dea99e03ce92c89cc742
SHA256

238cdfbab88cbcb6b1a2379b2a18c993640c1f498c4cb0e9faef408331f41c0b
SHA512

52c557425b2eff4f244c2c34280118e913574c0b3a51bff966c4fb4538afdc1220ad6f94956098aeb53cee4984aeff30142f148f6e19c1a978af6d0e7801f918
SSDEEP

98304:z/Se3GAtk9/CYItyoKmFTwgzOOH2qWS9Rr:+e33tcPItTvFcg5W6b

Score

10^/10

hook evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

http://193.233.196.2:3434

Extracted

Family

hook

http://193.233.196.2:3434

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service. 3 IoCs

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.dogilowopuna.zico
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dogilowopuna.zico
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dogilowopuna.zico

Acquires the wake lock. 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dogilowopuna.zico

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json	4544	com.dogilowopuna.zico

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.dogilowopuna.zico

Removes a system notification. 1 IoCs

evasion

description	ioc	Process
Framework service call	android.app.INotificationManager.cancelNotificationWithTag	com.dogilowopuna.zico

com.dogilowopuna.zico
1⤵
- Makes use of the framework's Accessibility service.
- Acquires the wake lock.
- Loads dropped Dex/Jar
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
PID:4544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/oat/pskPXGY.json.cur.prof

Filesize
3KB

MD5
ad71725978a7c37240d7a424fae6d9b5

SHA1
352ac6c94657bf3aef604ed465d04b2a98d657a4

SHA256
5f9d6cc45ed55e8898013762b81f28388f006aa6be3f1add6ef401d1e91e2754

SHA512
48ff5ce1375a02f972cb1ad47c899aa26ba399644bb234f0e7cf6f4978016928dcb114261ae84431f8b19b0d319d8a230079f333b8996d6cbf62a8da4c7f0e0a

Download Submit
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
704KB

MD5
9bfea1b2027ec1635c3590e0ea14e3cf

SHA1
9cc1ea7f49e361961be1f5d2ab43658d41f86d59

SHA256
f2620b302348120f00c9bd7a3e0a6cbef991b484edcdcdd915fbbd13ac861eb4

SHA512
4e17d67bcd5f5361a3d9b27f4fbc29969b25a2686edffa9872e7bca1a6528b4eaaf7f90541eda8d31583d8e515b1a20d4d1b20dd4a88c9e83e07d91d525de4a1

Download Submit
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
704KB

MD5
4c5cc08fbf8fe10e34fc490fef580f3c

SHA1
92f11a0ec664e21d5546109af27ac481d4741b8f

SHA256
604976f65004e5c54cd7ded095be2b42aae134c7e48c4bbef1faea342b8ed878

SHA512
f69b6877c057b0907b60a429d20af46f48931b3e95ab429ec2f580e1c6fa61232b0177a3dac18292f7bb4cef82d3dfe9e9263d929ffa1a8ffc1fb0319d3ab214

Download Submit
/data/user/0/com.dogilowopuna.zico/app_DynamicOptDex/pskPXGY.json

Filesize
1.5MB

MD5
cf80a0964d7adb2dc9ab389185abcff1

SHA1
a630b6d63b9be79f2fe9f2fc38c91fcbc1d8d6ea

SHA256
f90f95cb686db2f9ce0607038438527e3665ca8e33c38fd168834f6d96def4ed

SHA512
ef1a6f7c47772fd49ae2fda552df4f54fea83e30c99980ae8e0863b4abcfe2d7cb9869449962129cb560760d49ee6349add36e6ca7417e6cf0e9f99d86a3ee53

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
942af0d336c67ab4f68926738db100ba

SHA1
bc8b06e24229fbcbf6be8c7d54e60dbd985bca53

SHA256
ac6cc22efff5708cf2f68ba00bdc779c5cf841edfaba83bcd1550921c13c5e1f

SHA512
4c689353c18e5fb866790f90fcd8f358667267f6659eb4d41d2438c617a2dd1c904092c22608a25ee80105de29a01990b9409235f4d3335c3fdd9373083234bf

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ad08c951621783e3ae93841eed0e52c9

SHA1
dea7596c9510d2333de8d44f671031ad305fde0c

SHA256
454259bb8b30658f778b16138ec363a1571b53927b9e070dd25b37f21e019d9f

SHA512
2a2c09e3e8f14fae2906b11a0e3ccae84c8aff5d3be2670386474386d3b1b277006ef8e00f405a46208ee2a71daca75221edae86d5c5762c7c13298341c1317c

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
82764ada9c18d86a8959b4764d4afe12

SHA1
a96b5a268820819da281f70902bd9403f1c31114

SHA256
273e5f47f8aba56ad6626999caa0e07a9cb196a763852ec52735bf827ac48d91

SHA512
11f8bb2b2682f839053bf5908adf09da0a61d149eca4623d362f98990782c7ffd58871d6b5a649b179b152741b901183f8d03fb2aaea9ee1a2d8cb7a05260087

Download Submit
/data/user/0/com.dogilowopuna.zico/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
fc9fdd13773587685f8b7324a8fded7f

SHA1
c8857e15ceaab34edb22a3c93a1b9232b8ac5b8f

SHA256
425eec5f0da7bf927982a96a7368bf2a8909510880ffae9f00f2bbeed251c21e

SHA512
f59feb1ca558331c13660c111b599f0f1a6cbb10c0e45d3c69c95a149fee57b9e71a92a400117c0b3071e67e6431299c4244a7c14583adb8771b4972379ed714

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads