hook | dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6

dc4712f817...1d.apk

android-9-x86

dc4712f817...1d.apk

android-10-x64

dc4712f817...1d.apk

android-11-x64

Sharing

General

Target

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d
Size

1.2MB
Sample

231227-x188macaeq
MD5

9c71138391b46bdc409b2127c7c9baa7
SHA1

ea7d6c968f085c84e2790a49986635cced746666
SHA256

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d
SHA512

1951e1057e337f4a50a8d7b70ef45bba826096bb8064337bc78d30e07894f0ffce63b07d97d131602d219818d2f0ed94e10ddebffa3c08f9d239714edc5a67e2
SSDEEP

24576:sWTVd0Vv4B/nQz321KE9nx7olQmY32g/E0SMtS:saVTB/n432Usag/u/

Score

10^/10

hook android banker evasion infostealer rat stealth trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d.apk

Resource

android-x86-arm-20231215-en

hook banker evasion infostealer rat stealth trojan

android-9-x86

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d.apk

Resource

android-x64-20231215-en

hook banker infostealer rat stealth trojan

android-10-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d.apk

Resource

android-x64-arm64-20231215-en

hook banker evasion infostealer rat stealth trojan

android-11-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

hook

C2

http://198.186.130.12:3434

AES_key

Targets

- Target
  
  dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d
- Size
  
  1.2MB
- MD5
  
  9c71138391b46bdc409b2127c7c9baa7
- SHA1
  
  ea7d6c968f085c84e2790a49986635cced746666
- SHA256
  
  dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d
- SHA512
  
  1951e1057e337f4a50a8d7b70ef45bba826096bb8064337bc78d30e07894f0ffce63b07d97d131602d219818d2f0ed94e10ddebffa3c08f9d239714edc5a67e2
- SSDEEP
  
  24576:sWTVd0Vv4B/nQz321KE9nx7olQmY32g/E0SMtS:saVTB/n432Usag/u/
Score

10^/10

hook banker evasion infostealer rat stealth trojan
- Hook
  Hook is an Android malware that is based on Ermac with RAT capabilities.
  rat trojan infostealer hook
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  banker
- Removes its main activity from the application launcher
  stealth trojan
- Acquires the wake lock
- Reads information about phone network operator.
- Requests disabling of battery optimizations (often used to enable hiding in the background).
  evasion
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

hookbankerevasioninfostealerratstealthtrojan

behavioral2

hookbankerinfostealerratstealthtrojan

behavioral3

hookbankerevasioninfostealerratstealthtrojan

© 2018-2025

Terms | Privacy