hook | dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d

Analysis

max time kernel
2898005s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
27/12/2023, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d.apk
Size

1.2MB
MD5

9c71138391b46bdc409b2127c7c9baa7
SHA1

ea7d6c968f085c84e2790a49986635cced746666
SHA256

dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d
SHA512

1951e1057e337f4a50a8d7b70ef45bba826096bb8064337bc78d30e07894f0ffce63b07d97d131602d219818d2f0ed94e10ddebffa3c08f9d239714edc5a67e2
SSDEEP

24576:sWTVd0Vv4B/nQz321KE9nx7olQmY32g/E0SMtS:saVTB/n432Usag/u/

Score

10^/10

hook banker evasion infostealer rat stealth trojan

Malware Config

Extracted

Family

hook

http://198.186.130.12:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.tencent.mm

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4626	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs

evasion

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.tencent.mm

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Removes its main activity from the application launcher
- Acquires the wake lock
- Requests disabling of battery optimizations (often used to enable hiding in the background).
- Uses Crypto APIs (Might try to encrypt user data)
PID:4626

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
5496365ef389a0f506c52ff6e8ea18da

SHA1
bd68e3929327dbeaf999642f7252a53d6870246c

SHA256
6b0ff948fdbcecf8d4d6dca71ce153679c70b6df89fc7532fe0b81587053db6d

SHA512
ccd35512fe586e15209066656a0dc3a8e12c69bce8f9a6206f6f6cf48738c19d90e0603e72df8a01e01186911e72008cacc913d388fb8f7f5504bcdbbdaf55c8

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a009e6651de162773b0735b897ad8a8a

SHA1
bf10e5a9a1280eb7d7cc1674b8358a0e0784998b

SHA256
64bd27eb2df0da237cb39d92006d1958bb264e6d3e028f8f6d6cf41ce5468147

SHA512
f4cfb27eb465204c41597d5cab93f385ceee547f8058a969836d0def6de7546ab4e964a381e2fefc04a67c3de3dd7cd6637d71b696001a24449d845c03f6cd58

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
6ead3b45b0df2698e86e1840295664e2

SHA1
a485c481a61075435a86442ad7bdbc1bfcabe0bb

SHA256
87f94ef6057402bbff30bb09507ab1b9d6725e0a8b772b0ad52df27513a21050

SHA512
3bcec846c6beaca18198e866b5cb37462aed49888250e1a5ae7ae716d0e95b33c9a17b2acab15980ea2dcd9b117c8e634ea2fcea78aa4b051bcc3962b0213b33

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
148KB

MD5
4d66be48b966226b2c7c934d5f8bf50d

SHA1
70ca1a744680c0f0996712e01d5fba24445d7aed

SHA256
0a17eb7adb861f3ef6298225e4ea363dff9401be8db622ca139eb5e7c9711b2a

SHA512
8495a1c9c4daed6325b92ba010b1a130aeac6e55cda54bb90e75a4e6db8293b061e3e3b8374c95fd37e50e617b431cfded20aab11216256a3fb3c2f4a309ac82

Download Submit