Overview

overview

10

Static

static

10

af19050f00...ac.apk

android-9-x86

10

af19050f00...ac.apk

android-10-x64

10

af19050f00...ac.apk

android-11-x64

10

Analysis

  • max time kernel
    3283703s
  • max time network
    158s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    12-11-2023 13:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    af19050f00acd13574451cc16e587cac.apk

  • Size

    1.1MB

  • MD5

    af19050f00acd13574451cc16e587cac

  • SHA1

    f3540be84bbdda033c564f30c8fb8cd7a25578b5

  • SHA256

    362d9b6948b901b263738736f0482706df81ec0c3eb354d79d75a1cb20c0b77f

  • SHA512

    e1a48f014ab9636ba77e56742b1a1c884b9272b34a2af0d37cee11aa63ab75f098effa01607f3264a7cf43e255b670f21da939c19c3c65f9ca8ad307aff57eb1

  • SSDEEP

    24576:18HQh8D2S7ML127PRohZWgdJW+AGuTp/ojDgpg/nKKf:18HM18PChEgdJRAP/2gpg/Pf

Score
10/10
hookevasioninfostealerransomwarerattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
    ransomware

Processes

  • com.buxamudekehuro.zoxu
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Requests enabling of the accessibility settings.
    • Removes a system notification.
    • Uses Crypto APIs (Might try to encrypt user data).
    PID:4252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    43d0abc3d152e3bfe6c1e773bc39f675

    SHA1

    8668d8f62584523ad86ac3b780b0f8f99ba49524

    SHA256

    ac15e3534e3c47130d9a69e2d0b777cf0f2072a34085ec2f88d9fb8197ded813

    SHA512

    304843157f80e6942ffb4f38e34ea5fb5ad77bfcf9db900af629c0f7f39c9a9e031b123be87131d04dd3c154518970cf14c607337d3a3a2122841861e84d4696

    Download Submit

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    0d7c0b185344a022c0993c2970b238df

    SHA1

    7ea47c057a72ef1d70b8f0bcf7bba2d57ea9fd85

    SHA256

    2026734dfcfee4deca21b5b991ef6ff45a7d859df3646bf2c5726ccf3fcc2fbd

    SHA512

    5c13d78816d3553d11369a2eb06356776fe112e804c789363fa4ed27d357ed06401c6fc6842596b74e78cd9afdc8b2cc947979fb3a98138db19a49582f585047

    Download Submit

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    550404b99a3f52e3440fb1fc222e2459

    SHA1

    7b4188500da6adfba3de4ad81e7edc29c9b476e3

    SHA256

    78daae8041262ef65f4aad82dd34faced870f0eb515034db19fba27bf0ff92bc

    SHA512

    e1f30fe6d02b8ae41a9a5baab02c0dcbd6e069e5625aad163031a4c83756907f09a361a2ce41b540dbb7b477c315843ea2ee3104e772127733f6d4e6e97e077f

    Download Submit

  • /data/data/com.buxamudekehuro.zoxu/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    b1301e33b5d5deaa5394943995f675dd

    SHA1

    5a1d62c65f8ade8b990fb0028a5d4e7f73783ffb

    SHA256

    653a654ca2e81322cd63ed481a9d14cc9a2b97ee2f27d0159e69695775b9d01e

    SHA512

    3ebed3f6fb628676da10af3e723f4b625f906ca95332f665f78219be8a580a080d3c8c38be499ef62e46640ccd63c23d2fe716aa103017880c252bcdb753bfad

    Download Submit