General
Target: 13609086958.zip
Size: 3.4MB
Sample: 231215-2j96tahegl
MD5: ec1ffe46b3df54a17226069c1425476e
SHA1: e660b51fd8a97d56edf99fdddfcb1ab941fb0b6a
SHA256: 2a2d38d4ae629349d817bffc4b668c0d3877b36c113635a6151685ebb12d2206
SHA512: c603d989d8a502e4d2194fdc718aca5cd8bcada0af71463cd66e65050eb099e2e0e7c296c2da635477f1a3084fef0b443a698fc9f8e7191aed3cb619e4274cb1
SSDEEP: 98304:pR6GLYaOIJeoeypgZrnci4X72P++kVyPfoMrfW:pOIclyqVncicK+3VUH6
Tasks
Static task: static1
Behavioral task: behavioral1
  Sample: ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1.apk
  Resource: android-x86-arm-20231215-en
Behavioral task: behavioral2
  Sample: ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1.apk
  Resource: android-x64-20231215-en
Behavioral task: behavioral3
  Sample: ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1.apk
  Resource: android-x64-arm64-20231215-en
Behavioral task: behavioral4
  Sample: amap_resource1_0_0.apk
  Resource: android-x86-arm-20231215-en
Behavioral task: behavioral5
  Sample: amap_resource1_0_0.apk
  Resource: android-x64-20231215-en
Behavioral task: behavioral6
  Sample: amap_resource1_0_0.apk
  Resource: android-x64-arm64-20231215-en
Malware Config
Extracted family: hook
C2: http://193.233.196.2:3434
Targets

Target: ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1
Size: 4.0MB
MD5: 9acb60849b8a8d5a65973b6f7fee8cc4
SHA1: 38a6b3bee7b871bb74ba5cac0db7347cad902565
SHA256: ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1
SHA512: 7fa4c9310be6f71733e3da7a303d414f2f765b7b2182610a4ad17c5ec5e59a21c722accd01981fae532c66b5c0e33173d474d4c6b56eb7bc9e9dce477e035e5b
SSDEEP: 98304:nvEXNj1C/CRvlG0yiBH0l+ijldZXVTFtd:nveV1KQvl7TBUQ6lrlTFz
Signatures:
- Hook: Hook is an Android malware that is based on Ermac with RAT capabilities.
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Loads dropped Dex/Jar: runs an executable file dropped to the device during analysis.
- Acquires the wake lock.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).

Target: amap_resource1_0_0.png
Size: 24KB
MD5: d9e612e434d8ca593ac46be40ba60728
SHA1: 5c306bab17293463b336017e4c8d4259a35795e2
SHA256: 89a8d43f11c1c61827938c9b81b8ec165f87e9cf65d07e7b8e10ab5796ac9984
SHA512: e78b351826e91c0e4500ae768018274c99fc283d8f083289d19af661eedf7bda6c685d655dd8a1cef70bc2937fec4e5b91b40be13b9047848aa5322370f61968
SSDEEP: 384:cNxY1sTiUwgYBsutSLGHIjJyo6oAJUXBnym:YxY1sGgitVoQoAWxd
Score: 1/10