Overview

overview

10

Static

static

7

6457c9837f...ba.apk

android-9-x86

10

6457c9837f...ba.apk

android-10-x64

10

6457c9837f...ba.apk

android-11-x64

10

noconnection.html

windows7-x64

1

noconnection.html

windows10-2004-x64

1

policy_content.html

windows7-x64

1

policy_content.html

windows10-2004-x64

1

slardar_bridge.js

windows7-x64

1

slardar_bridge.js

windows10-2004-x64

1

slardar_sdk.js

windows7-x64

1

slardar_sdk.js

windows10-2004-x64

1

terms_of_service.html

windows7-x64

1

terms_of_service.html

windows10-2004-x64

1

Analysis

  • max time kernel
    402306s
  • max time network
    169s
  • platform
    android_x64
  • resource
    android-x64-20231023.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231023.1-enlocale:en-usos:android-10-x64system
  • submitted
    28-11-2023 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6457c9837f35011200dbee5a82e7f73a09f53b2c68296dea01838e7714d9e1ba.apk

  • Size

    2.9MB

  • MD5

    f68658df74ae791d3cbecd205722cc41

  • SHA1

    ad879f0d74d16d7d5d4ec44bfbb8fa931c55a4f0

  • SHA256

    6457c9837f35011200dbee5a82e7f73a09f53b2c68296dea01838e7714d9e1ba

  • SHA512

    739fc004505dc896d83102fdf2a8b09181e333e37e61919ee4981ff35d983187e0932203e15b23df80ae5da95c539891bbcb43c45fd2240ffb732ba2fbf509fb

  • SSDEEP

    49152:C+JUfMl+7ZDPazbnhpn1zvMSjjajdyVSWrqc/b4oc2E8j8vEAinD02zmNSIaX:C+W0lIezFp9tkEbZ/j8i028e

Score
10/10
hookevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://91.215.85.22:3434

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service. 3 IoCs
  • Acquires the wake lock. 1 IoCs
  • Loads dropped Dex/Jar 1 IoCs

    Runs executable file dropped to the device during analysis.

  • Reads information about phone network operator.
  • Removes a system notification. 1 IoCs
    evasion

Processes

  • com.dekezumepome.deyecite
    1⤵
    • Makes use of the framework's Accessibility service.
    • Acquires the wake lock.
    • Loads dropped Dex/Jar
    • Removes a system notification.
    PID:5054

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.dekezumepome.deyecite/app_DynamicOptDex/aMd.json
    Filesize

    705KB

    MD5

    90fcdd911130185f883976c36faf999d

    SHA1

    d86b61ce13d8f8c67d14168191a01b617c1855fd

    SHA256

    31c47cdcf1e5ad1c5eb62a19329bee13518182e07c75108d819cb25644d32cda

    SHA512

    760fef18b8a85b76bd50d93821e3eabf972fdb1134fa7e148272e974b92ae4647624a7f702309352e112be98c09d1cc87a48498fef9aaa27849fc931ff33fdcf

    Download Submit

  • /data/data/com.dekezumepome.deyecite/app_DynamicOptDex/aMd.json
    Filesize

    705KB

    MD5

    a37b0504afaee8a8fa7aa37dd0a8b528

    SHA1

    8ee3d308fdbf279011a5906955a16f8ec9348500

    SHA256

    3e143edb0b456f29437842c249f5602d28e07250049ed0d7e030ada41bd6c269

    SHA512

    6399c27a949cd90cc97940b0875ddc261ad4168f8d0d6117c23bdbd7618d75033e47a88b4318fb0487dd635682546754f22b795b101df01b9bdbe178a8ac00aa

    Download Submit

  • /data/data/com.dekezumepome.deyecite/app_DynamicOptDex/oat/aMd.json.cur.prof
    Filesize

    2KB

    MD5

    85149f2c9e41629ac8f6c42c361651bf

    SHA1

    a50ca75b23e6e3901fbd91af6983aef6b0116f9c

    SHA256

    0b7b2c2075770b7e6d16e1b194080c29ff3a367a348c7de12090ad4999657197

    SHA512

    18ad97c019b1cd2e9cd71b5a103a13c06582179d5d2f5a9254fadcf1438f5a440e8abc2ab6a5e34d67c3d80d687373b73a5346f8fe9dd3fb867377bfbdd3db60

    Download Submit

  • /data/data/com.dekezumepome.deyecite/app_DynamicOptDex/oat/aMd.json.cur.prof
    Filesize

    2KB

    MD5

    d8725de2ee54ab57498037dfb4c18c70

    SHA1

    8158187b7db48d56eb35b4f6fb2559323d0ae7b6

    SHA256

    a2a1ddd0a31c7dec2b2bcd3af35c46cb5528a9b191d06c222b81d072b4653dd7

    SHA512

    dc869a56618d1254b1974615655e3e1b3e129fe6743cc543850dbaa9bb61a6f6517f14ec702c6636cef61446d415d1f3ea21a37f620b8e00870dafc2eff02092

    Download Submit

  • /data/data/com.dekezumepome.deyecite/app_DynamicOptDex/oat/aMd.json.cur.prof
    Filesize

    3KB

    MD5

    59f0481f70f16c71f70cf8a35c3a46f8

    SHA1

    9c61f66752569d9b163f4e9a8a2ba0ff7838f29a

    SHA256

    e8f8ed898618e3ff08cca1bf513da0eaf388f4be3cadc1a4f53d2c8f44c2b60b

    SHA512

    8595e5004094ff56ea53c1a3e7e83c40e63e6c391061c91033862026ebfeb5e240979412bfab2d9b16dc0b910c5e9f50376ff4a120a64a3f8a8ab658694a929e

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    6b288d276bfd427629135406071f9c4f

    SHA1

    374718e2ae5d34a255e33fab700a62c9cf5b527c

    SHA256

    aaae2071fb964feb769efdf3b9035502c9e77221b934a0ffd2f7856a25c1fbae

    SHA512

    03e24f181563975d85c5ddc2a4267f0b4758dbbe22d2902652f4f0ea9ea7f1cc1e7ee16d4eeeddd298d1fcb25a918275c205f0a4bd9b01f82161059e3b4f626b

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    64089b77da808d86ee7b3fd3adf1331e

    SHA1

    b76e2ad2adf51a336f2ab319e83c4d45735adb74

    SHA256

    c1f5b1f7d51b22606e4e0e5910097b498a6b381f47ec689c3282548cd44224b5

    SHA512

    11b3cfc4d8ba9bde99cb51698f7460302961e39525844d95e56965d4e8598545f66e63fc2b5406b2f77c314381830680287569449850d6fedffe6c1eed4e8942

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    20a54ed094fb5cef5a671453ba3700d7

    SHA1

    4b93afb119526a72bf7f9f2ddd9f8e60b604ef96

    SHA256

    eb4590f9256330ee433d4499789f390e53d3698f8d3bf848a07465ba1781be50

    SHA512

    2ee27c3f2c416b01e4e683ff265d12bf02cf1fa6a6ce3de8e962934a3aeff282fa3f86b9e8079bc7ad216f4ee7f721765daa7f5e046a400700396e2ea4af1c0c

    Download Submit

  • /data/data/com.dekezumepome.deyecite/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    83fd395537a058effbf5dc52a51b10a9

    SHA1

    fd9c32d31cc7517bb26bd710cc076d3fa6bfcbb0

    SHA256

    0c78f2187b03266689fad0737240c5c888c1956253ff6cc2406a37ce13e5d290

    SHA512

    113b570474a003963d0343e1b28e4561b96d4ea44764b89423e6e4ec73ebc21ccebf269f2801c22a56b2e3606ad42e4f99689207fcafda3640d6a1bed287dfe4

    Download Submit

  • /data/user/0/com.dekezumepome.deyecite/app_DynamicOptDex/aMd.json
    Filesize

    1.5MB

    MD5

    75b6eb041c5124ca9fbf00d0844263d1

    SHA1

    c3dde78a6c27f78c8a4207b190bd7ded6b1a6887

    SHA256

    444fb400283211eb44017d60a707e63d140a6101fb58f5b6a7662559f9289a9c

    SHA512

    fef37cf4b613e976fef071bba2ddf26ac1c72110861c49589f7e05cd18f050ada78ef7515477cfe56ed162ca9e087ac4dfa277cd1b1d517fcdc2958eef22dda8

    Download Submit