hook | 2a2d38d4ae629349d817bffc4b668c0d3877b36c113635a6151685ebb12d2206

Analysis

max time kernel
1872994s
max time network
163s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
15-12-2023 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1.apk
Size

4.0MB
MD5

9acb60849b8a8d5a65973b6f7fee8cc4
SHA1

38a6b3bee7b871bb74ba5cac0db7347cad902565
SHA256

ac489064b5e34b4d918e4ad2444bc983a1ef9c84f6a1237a983803d2c6c6dcb1
SHA512

7fa4c9310be6f71733e3da7a303d414f2f765b7b2182610a4ad17c5ec5e59a21c722accd01981fae532c66b5c0e33173d474d4c6b56eb7bc9e9dce477e035e5b
SSDEEP

98304:nvEXNj1C/CRvlG0yiBH0l+ijldZXVTFtd:nveV1KQvl7TBUQ6lrlTFz

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

http://193.233.196.2:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.fihuxoyareru.xusopasu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.fihuxoyareru.xusopasu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.fihuxoyareru.xusopasu

Loads dropped Dex/Jar 1 IoCs

Runs executable file dropped to the device during analysis.

ioc	pid	Process
/data/user/0/com.fihuxoyareru.xusopasu/app_DynamicOptDex/pFdu.json	4986	com.fihuxoyareru.xusopasu

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fihuxoyareru.xusopasu

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fihuxoyareru.xusopasu

com.fihuxoyareru.xusopasu
1⤵
- Makes use of the framework's Accessibility service
- Loads dropped Dex/Jar
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4986

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fihuxoyareru.xusopasu/app_DynamicOptDex/oat/pFdu.json.cur.prof

Filesize
3KB

MD5
17124db33c3c0f7bce6bf02f75174d33

SHA1
2a0466731703355bcdb6bc6e63e48a5064c4b56a

SHA256
76155c22fad9bea956395fcff233874435f3be61ea97248ef0f37d0e82e358f4

SHA512
c38c5d756a64aacfc7fbafdf40b5905986575528ddfb4a0162305233943e36fcc7dfce59e5403d55c55ea04e4c4c1a9f4c6c9be3e693ad11db06ceb74850760c

Download Submit
/data/data/com.fihuxoyareru.xusopasu/app_DynamicOptDex/oat/pFdu.json.cur.prof

Filesize
3KB

MD5
d6573295fe24e86bffba89d5435e78e3

SHA1
44676dce1b853028d8e32afc761fcf70fcdd0c8e

SHA256
07221438a3442b53debd9a3ad770dffc781f5b360ea8eef90a46f50736849bfc

SHA512
392f44e5c9daa450bc96f7887c4edf9619c88570661ab573d0c6d9e36981b74182c6b69a79bb0d30fffae7a46c2e0906389eefa7de45400388f5c2672c68f28f

Download Submit
/data/data/com.fihuxoyareru.xusopasu/app_DynamicOptDex/pFdu.json

Filesize
705KB

MD5
10a9cb6f44bbe4a4b4c5b9cd9a18ec25

SHA1
a1b02cb626c82bd595667d5f6e377166e9a7ab8f

SHA256
51df2a75ff2687d40d62a9cd006e9d545ccfcf3a30db9c453052ba606fb91ae5

SHA512
15d5e1d25f818a10bedea134a602ab9f1ea470a6e4a5c0339308cdd30ae6fd13225af3ed35978f07056536d104949bc878aa8a5aae5eab5b9f980b3cd01dd863

Download Submit
/data/data/com.fihuxoyareru.xusopasu/app_DynamicOptDex/pFdu.json

Filesize
705KB

MD5
0bfbea6ad277350d6cc505204bf6b7fe

SHA1
117dea7c71fcf96fa235a8ed8064f6515fc02d1c

SHA256
30b96f66284897ca6926c6a28ccd9e480b8baed72a37e36767a7467af2d47176

SHA512
7ee1cfc9e3b884fa9f33c6b2bcaff96456ce018e974cdd3217beedd4c3638219d1aeee0e6f598a123baf8cad32b14001be8a9c33a8f96da5bc00a9c8f5133442

Download Submit
/data/data/com.fihuxoyareru.xusopasu/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.fihuxoyareru.xusopasu/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
4d14a56412c7bd214293032d3dfb8138

SHA1
ff5f378c7257665854a36b9699e27992921d9690

SHA256
8df574c965225a1512f920434c5d9f70eaf6eab134505e9596fb9c4d22a21f7b

SHA512
2295f430a22cd03e8691c4c81ab11700a2efbd178f5e49f446db67d3aa97c1852eddb488adfe363f2873389232715ce5a90b68b5a6cd61414f8c0940a0767593

Download Submit
/data/data/com.fihuxoyareru.xusopasu/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
668a4068222104ee34db1cf7f30795fa

SHA1
1624cc7a4b1daeb9710534f18d285039b013edd4

SHA256
d2f1cff461818a50a97f754f9b2924309a6af01d3197c99444da8d2a5c8d4ac2

SHA512
798d877c4d001c35fd0bd0be92172ef6cf233d9c2027ef3b317a42d25a2e42e22fa5655eef83fd65c4da750d70c7e58b669e5361678c4d633672a40c185431f7

Download Submit
/data/data/com.fihuxoyareru.xusopasu/no_backup/androidx.work.workdb-wal

Filesize
20KB

MD5
e07067ea4a8b43ea60a1a0f71ef6fbdb

SHA1
78d69a9169c6cc2cfcf9ab8d812ec14edd8e227b

SHA256
dc50042653e02486cc30214a6ac0b7b8f5eac97e7b310a93df7f849436aaeeb2

SHA512
5b0a0b409d5b249bfe9d35dc80330fa97ef55259cf0a24b206b47bf25ca3685cf94e559ff230313c12a5b54496e61425d3d54b8787957c79404e0625b944b436

Download Submit
/data/user/0/com.fihuxoyareru.xusopasu/app_DynamicOptDex/pFdu.json

Filesize
1.5MB

MD5
3086665e8439a247fa1e1acf478009d6

SHA1
ca6f455f0ff58a854cf06c22aefaa602f7a8d749

SHA256
04536e1d865fe23c8b13920ad08bf986831e2adc65e459c64e1300667fbd8f0e

SHA512
d7da1554bf91270fb907bc00dba4f30c1b487e990c624b68558c1932c6cf07b48847d50caa6b6e891431f9d5307d3274f205009f6b73fa748b76514174c62cc3

Download Submit