General

  • Target

    6457c9837f35011200dbee5a82e7f73a09f53b2c68296dea01838e7714d9e1ba.bin

  • Size

    2.9MB

  • Sample

    231128-1xy52ada22

  • MD5

    f68658df74ae791d3cbecd205722cc41

  • SHA1

    ad879f0d74d16d7d5d4ec44bfbb8fa931c55a4f0

  • SHA256

    6457c9837f35011200dbee5a82e7f73a09f53b2c68296dea01838e7714d9e1ba

  • SHA512

    739fc004505dc896d83102fdf2a8b09181e333e37e61919ee4981ff35d983187e0932203e15b23df80ae5da95c539891bbcb43c45fd2240ffb732ba2fbf509fb

  • SSDEEP

    49152:C+JUfMl+7ZDPazbnhpn1zvMSjjajdyVSWrqc/b4oc2E8j8vEAinD02zmNSIaX:C+W0lIezFp9tkEbZ/j8i028e

Malware Config

Extracted

Family

hook

C2

http://91.215.85.22:3434

AES_key

Targets

    • Target

      6457c9837f35011200dbee5a82e7f73a09f53b2c68296dea01838e7714d9e1ba.bin

    • Size

      2.9MB

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Makes use of the framework's Accessibility service.

    • Removes its main activity from the application launcher

    • Acquires the wake lock.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Reads information about phone network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

    • Removes a system notification.

    • Uses Crypto APIs (Might try to encrypt user data).

    • Target

      noconnection.html

    • Size

      161B

    • MD5

      856bec178dc0b1c9db20f147ef93d86e

    • SHA1

      426577810cb9e2123e3490eefd71153bff28f4ae

    • SHA256

      8df9563fd4ec286f4b8e608a7f10ac16be1211cbd028eecd269c7c0e5979656c

    • SHA512

      cfea8fac891818a3c5bbaff4adef3172049a19ddcddf9ce0b55d51507a443da6a116c022d457cff1de3c789576292d522eb74e7efb02a5fe00c38185bf86bdc9

    • Score

      1/10

    • Target

      policy_content.html

    • Size

      32KB

    • MD5

      a1356a5adbc941d1ed5dac6d201752a1

    • SHA1

      90aca8bb6b2cfb2a6b06ff25614534b8d399de10

    • SHA256

      1b6d7320b92cfaefe70ffe794f80aac6c54f677f068cb4153d12374f07b0f220

    • SHA512

      1019868d41e534849759ba59e41fd7aa3ee34641fa2c48f30db339693f1819812f0ab60af346c16e0f36253168587ebf931fe169b4c3ed200bf90f124555beb8

    • SSDEEP

      768:xDUPeD0UqI4+9azTqSRCc86hffDGBLo53EoOqyhhkqkC9:BUP+0UqI9J6CgOhIC9

    • Score

      1/10

    • Target

      slardar_bridge.js

    • Size

      2KB

    • MD5

      6ae2bd17c123f6421408077ba25514b8

    • SHA1

      960f2405a0222cd98d43cb36d585f39674b2dc35

    • SHA256

      67ed9d7fd80d34270b8a36832f548e94d479b3675eab1dd11590d56c2f285ddc

    • SHA512

      98786a8e9a4fafef3d73acfe45bf2ccfc73bc2945640c1baa4c0937d005b9d29c1c9355144930fecd0e31c4193351927936c09e41d927b5b61a5cf3d5d55bd77

    • Score

      1/10

    • Target

      slardar_sdk.js

    • Size

      42KB

    • MD5

      b13b02338702953aac52bafd67fc72c0

    • SHA1

      4aecd94b6f6cae3973442032cc9eb0f971f09877

    • SHA256

      97f24566e7dbc114a47c101c5600471192b98e832b06f3871fd23fc9e904d631

    • SHA512

      3ffa3e47e0777c5b4a0b6b225f203d7f90de7549c5d7e72f5984880ff86afcb9c4ef7fe4c042691ee102268c3e7f95fc8b3434c632c0350a36af969b78a7d537

    • SSDEEP

      384:ZexhJkqJBcnSCjdLqbTen/ZNHKTYBB6kfmKyWiIoSBQVfM22sBQggv1dq0Gvwk9N:UxZunS0b3v1gPBi1evwHRCVNJ4Hk/kmX

    • Score

      1/10

    • Target

      terms_of_service.html

    • Size

      37KB

    • MD5

      fac701b30a0710cf8a8621cfea47425a

    • SHA1

      6a18b24bf095197d1bcb101a99b44d5fbcd247fc

    • SHA256

      74a5c8ccf4a38f31ca60eaa550583756f2c4022b174f8899316de83847902914

    • SHA512

      861ed00900efac68e36ce60e6ddef20208c6b12fa06e4d0f57f39860b8e14d93ea8a9e659f8bbf7237a856a50d3332f3bf3b59ea522d3ac947fbb52f0c2945b8

    • SSDEEP

      768:3919uv44m3S8RaYwkwr7y26DP3eUvEUggAw:3Mv4b3SsaeW7y26DWdUQw

    • Score

      1/10

MITRE ATT&CK Enterprise v15