Resubmissions
10-12-2023 02:58  231210-df9h4sbfhj  10
10-12-2023 02:27  231210-cxrtysdbd5  10
04-12-2023 23:54  231204-3x1pzagc3y  10

Analysis
max time kernel: 927174s
max time network: 156s
platform: android_x64
resource: android-x64-arm64-20231023-en
resource tags: android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20231023-en locale:en-us os:android-11-x64 system
submitted: 04-12-2023 23:54
Behavioral task: behavioral1
Sample: d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2.apk
Resource: android-x86-arm-20231023-en

Behavioral task: behavioral2
Sample: d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2.apk
Resource: android-x64-20231023.1-en

Behavioral task: behavioral3
Sample: d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2.apk
Resource: android-x64-arm64-20231023-en
General
Target: d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2.apk
Size: 2.8MB
MD5: d54f97bdf040848bb4c81bc31d1c555c
SHA1: f65d0f596ea70b36d5b60dcdd5ebe0ba79c749ce
SHA256: d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2
SHA512: a82e77de72e5bad481dd353f6a1c4646254ce1fcbbe00db7d3f6a48b7fede69be494a1d79445909a9ed48abd66bab49580c10e52efb12b0bb8b4c9f10e526d7b
SSDEEP: 49152:PCaTT4jHJEeu4+jXhJRt4OQpznwVAkGNA5VsZcYchULdzF/Xx3g/Fz:/T4dcZNJRt4npTwKkGNyJ2LdzFXCz
Malware Config
Extracted
hook
http://195.35.11.135:3434
Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.

Makes use of the framework's Accessibility service. 3 IoCs
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.tencent.mm
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.tencent.mm
pid | Process
4549 | com.tencent.mm

Acquires the wake lock. 1 IoCs
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.tencent.mm

Requests enabling of the accessibility settings. 1 IoCs
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.tencent.mm

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
description | ioc | Process
Intent action | android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS | com.tencent.mm

Removes a system notification. 1 IoCs
description | ioc | Process
Framework service call | android.app.INotificationManager.cancelNotificationWithTag | com.tencent.mm

Uses Crypto APIs (Might try to encrypt user data). 1 IoCs
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.tencent.mm
Processes

com.tencent.mm
- Makes use of the framework's Accessibility service.
- Removes its main activity from the application launcher.
- Acquires the wake lock.
- Requests enabling of the accessibility settings.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Removes a system notification.
- Uses Crypto APIs (Might try to encrypt user data).
PID: 4549
Downloads