hook | 10931de207177fa1a1ca4cd2bc2f289789cd28cbe4b95ba92583e3b451e19086

Analysis

max time kernel
1871781s
max time network
144s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
15-12-2023 22:15

Target

7b264466e215505230540b4ac4d01ef47227a80acd33be86835367cbf362dbfe.apk
Size

1.1MB
MD5

297c76363e44ace3376eaab9fd2b620f
SHA1

ec099e01d689e5cf03dbf84b4cd990aed6d80441
SHA256

7b264466e215505230540b4ac4d01ef47227a80acd33be86835367cbf362dbfe
SHA512

7d1fe4344f20adfd7cbc801557894b37b7dcbbb0089aa4b00e90ade477d83275539516a5b53e4739e4fde4cfb22a3db2eed689410aa21895bd351f58c28506ef
SSDEEP

24576:ftd6Z1nU34NqBVxmcU/O0p+cwNoIReAxI1U/ojySUg/fL66:1d6Z1nU34ND3+cwN1ReNa/XSUg/26

Score

10^/10

Family

hook

AES_key

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.jipegepoxazotodi.rediruvo
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.jipegepoxazotodi.rediruvo
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.jipegepoxazotodi.rediruvo

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.jipegepoxazotodi.rediruvo

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.jipegepoxazotodi.rediruvo

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.jipegepoxazotodi.rediruvo

/data/data/com.jipegepoxazotodi.rediruvo/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.jipegepoxazotodi.rediruvo/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f7cf8251fc90b146ba71c9775b3e445a

SHA1
0251b231a0a775cea87d8c2cc23bee81c9e8051c

SHA256
bafb327730775c89d062ba43fbfef28040d1d5252cdc85fe745fcaab90fc02b7

SHA512
d7f5031c499cc60beffacebb6726fc9d5655eebc8e92d80345b46772cc3196812e97c6db1ac82180e9e1681da19ced3495a76d32c66a489e44c35b841009467b

Download Submit
/data/data/com.jipegepoxazotodi.rediruvo/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
54e4a10448ca36044d75f48627a13e0c

SHA1
4c6891be49ebf6fe8c53232067e07755464aaacd

SHA256
3574a40175c370ab5a912d01af821804c2d582ee8cab04afb28a06cb03c23df2

SHA512
a0cb36a3d2452f4674b49601805e530c192143c97d04c5a1073c401c240430f89f8db16b9e0b72e5afc0085ad2fa6ef9bb472b610dae0f1c776b55bf9bc11d58

Download Submit