Overview

overview

10

Static

static

10

d0f6fb23c8...a2.apk

android-9-x86

10

d0f6fb23c8...a2.apk

android-10-x64

10

d0f6fb23c8...a2.apk

android-11-x64

10

Resubmissions

10-12-2023 02:58

231210-df9h4sbfhj 10

10-12-2023 02:27

231210-cxrtysdbd5 10

04-12-2023 23:54

231204-3x1pzagc3y 10

Analysis

  • max time kernel
    1370070s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231023-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231023-enlocale:en-usos:android-9-x86system
  • submitted
    10-12-2023 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2.apk

  • Size

    2.8MB

  • MD5

    d54f97bdf040848bb4c81bc31d1c555c

  • SHA1

    f65d0f596ea70b36d5b60dcdd5ebe0ba79c749ce

  • SHA256

    d0f6fb23c8d44e145fd53b49aadae882210988562bc50dd4050eb2f299867fa2

  • SHA512

    a82e77de72e5bad481dd353f6a1c4646254ce1fcbbe00db7d3f6a48b7fede69be494a1d79445909a9ed48abd66bab49580c10e52efb12b0bb8b4c9f10e526d7b

  • SSDEEP

    49152:PCaTT4jHJEeu4+jXhJRt4OQpznwVAkGNA5VsZcYchULdzF/Xx3g/Fz:/T4dcZNJRt4npTwKkGNyJ2LdzFXCz

Score
10/10
hookevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://195.35.11.135:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4257

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    1977247c9c5c092fa49f9332b10a0bd0

    SHA1

    7acdff6aa70c97f2f52e18989a1b0211a19e11b2

    SHA256

    1606ea5658b6e9a19635178e8eb7bf132ead9c0eab51757c071b131ab8a5ccba

    SHA512

    7fb4447603d2e08d61df2e81e28e1a6d50edce7dc896e2ecba6b1c45f67f4545650818d4cdaa2fb52bf50bbd0097eb33a78a5b8ae42a05789c37b272af790963

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    803258ab04f68ebcfb2b4ee7d18b2946

    SHA1

    86b5e2e69df4e210594508d125ccdac8bac3fcf8

    SHA256

    5fa31912e84bd3d39e934c10a7aadc5ce4cc622c77a042d764ace143f9e73178

    SHA512

    9ae9bd9ae6130d9c9302273908d8d6f5ee76ae6accd4c4468fc91781f266689cc2034ad853fb83de97bb66a8bed43c6367c9a1635583701e679e4b22901e8d0b

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    fa73eb53ad9d56772448f32615d85d01

    SHA1

    43fc44327fee9a9a2b0cdb0370d30fabc028554a

    SHA256

    42574c33ba0b31fe54402db978285349f4779cec188c1c96fbe93e3788cb9e11

    SHA512

    6c13cf7dbc04231cbcd9a67c2d46619f907107d0205fb0abf056699896e1676bf55f2ccacafc463a480d5207cec0161d792f8208300bb18efb6ab5c90614d889

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    40d31ee8a7173b35e221b759df778cc3

    SHA1

    4646192663d836acbbd749dea405db80eb1b9473

    SHA256

    fa2bcdf1f0fe83eeaf52bcbf52106a849bfc7548aae0d2392795d6771ed5d241

    SHA512

    a057732197c34ae1f37e560d7890f3f6c375364d3a4dc29c8be846aaaf2751679855dcc7bb3ece0767ad21a38af2129905dd338c85f208b2f2bf04487586bb27

    Download Submit