Overview

overview

10

Static

static

7

7f86778b11...25.apk

android-9-x86

10

7f86778b11...25.apk

android-10-x64

10

7f86778b11...25.apk

android-11-x64

10

Analysis

  • max time kernel
    1759173s
  • max time network
    166s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231023-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231023-enlocale:en-usos:android-11-x64system
  • submitted
    25-10-2023 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f86778b11adc997df2d943f889cceb90bf7e1f48520e95fad2fc87c66a6e825.apk

  • Size

    2.3MB

  • MD5

    350bc3fb7a87bf6026c0e006e3f77445

  • SHA1

    4cf89be4d3d93a7514582049d5632b3f1a6b8052

  • SHA256

    7f86778b11adc997df2d943f889cceb90bf7e1f48520e95fad2fc87c66a6e825

  • SHA512

    e2cd974755ee6e57d879f8a9fefef54aefafd4b7a2a8951ed1efced64ffc589ceb5304b82c67c935da85c7e7c6fc39779cda968cb410e18228e9580aa5e86ba2

  • SSDEEP

    49152:iNw68Uy9Owo/SKq+PdHe3nyqjVJd7l763Tnvf8YCLYBlOHwhhOMiXdg/y:cfSOwoKKq+PdHe3nrbx56zfVCEBlOXb

Score
10/10
hookevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.buzaheciworexi.xacemi
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4505

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    792956ac2a865c10bfa9a4f942cafdbc

    SHA1

    207864fd017e076709d4716ea336c98c83a562ad

    SHA256

    514f955d79d2c705498f0a75656c20d115499388cad3be20e27927e13dd0efaf

    SHA512

    7a7d471e6db23f9d9b9eaa9182154e76183dccee411557c4ea87ee5647122c07654dda04aefffb6a0e1bdc426a34cce22cd0a23201c933196b875a7a09e0985a

    Download Submit

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    afa5010a53ded21fda2def8076de081a

    SHA1

    6163a47aeb4d90f617a153c2c8d75cc8c8f448b3

    SHA256

    1bb94323af593807e0af5663d8e79704fe584931d24cc4de463258eb4bf81129

    SHA512

    bc829469e3dda98853cf6e2e5ecb79846a0d2a5027437289ff2e5985f9df4ca0af9b9969e11e9f2801ba83826c746a687eaef3006d2b186a34372ee8cbbb1540

    Download Submit

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    4fecdf7a895c7572cf9203a9f5d6cc1d

    SHA1

    b7e82c4207f06940a1d1a02137398ebbf515735d

    SHA256

    62813c5f049572441ef4037f59c0c33a4bdc139726ec53f415f8f3fd56cd4dde

    SHA512

    5f647bdcfb805c6f07d99a8383be056e16385630776ff56e2f89393222b43b18d71589da59fe402787953ffb627a114a426578bc00a4d3dd72da7d88f8224767

    Download Submit

  • /data/data/com.buzaheciworexi.xacemi/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    caed06ba9949baa214375e97f46fe9e0

    SHA1

    084bea4e0edb729b5fb27f3362595d10790ee20d

    SHA256

    7542852687c89935f2fc3d290f089a9101f283870a4fcd8413f63e0d636eddcc

    SHA512

    4020ca5d8053411f042a37c790ac4ee9388f73fd73b12f808b091afa745196d0dfaed70aec2d25699da2d63872b1286ff78e82679474b6b18b9a5006e3765de7

    Download Submit