Overview

overview

10

Static

static

6

dc4712f817...1d.apk

android-9-x86

10

dc4712f817...1d.apk

android-10-x64

10

dc4712f817...1d.apk

android-11-x64

10

Analysis

  • max time kernel
    3124748s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    30-12-2023 10:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc4712f817e553e8371df12013c9ebe027056bdbd2aeb56442b5b46ac71f321d.apk

  • Size

    1.2MB

  • MD5

    7c466ce81527867aa98ff5f187e54bc4

  • SHA1

    e394e2a93af3e746bbd87f2db3ecabf68ee45ba6

  • SHA256

    96d9021b3f63da9378e9208b640ebb670906718012db902a400ba101dbdbd3b6

  • SHA512

    dc084d7338b41c95b72fbd44c70f2c4dfd3864297eab96d173f58cf3b71d9bff9c068a971686cae8257d560143dd50afac3e1afcd807a5025eacc2631936cbeb

  • SSDEEP

    12288:CUZFO7Nq1wryobO83ubYZtsZcoc1IkcxxhtS/7iwbO+yq39DCn0yKLRrp8cWxgii:C6YqL83ublicCy+yq3kn0yIRrp83Gh

Score
10/10
hookevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://173.254.235.53:3434

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
    evasion

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4599

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    b859795510d43c418cfe0430f7e7a67e

    SHA1

    3b5a4457c18e2c6f9a6b9be1caaf4af62d563d3b

    SHA256

    32c735e8bef17a9bb34056e79402650f4a41fa5cddcd2f201f1ccf0d45373e2a

    SHA512

    80327b8625f99cbc60b642db3e8fb5eed9d761591cd4167bb1d2fcb85ef35e2ba72b237a0b2870d84ba51f0b67ca17754c811ea4c3eb050ed89f5d452f0f6665

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    eb22513b1f42d1ef539cbbf3da787d91

    SHA1

    5ec3cc684bab9edafc80e05c4f111307baa10477

    SHA256

    3b5a9f502903b4d0c68c10b1e840e983bed909d61606ccc464b6d7e5666a80fe

    SHA512

    8f659e7d0650f7597a6b5e752e019e8ad4c1f4c0a995bc4a0cf6cf847c366af482a45021bebcdbb57ce16018426b8f7540ebc76150942bbeb53549d921a7ddc9

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    ebac4d46d9b6ac7030f5521c668f8746

    SHA1

    016daff4dace11fb67be9142161fb5d3ed8425e5

    SHA256

    a1f102ebdffb9f065602fd78f3417775572757f739e8bd32baff5b0cd0302efa

    SHA512

    1c3a949ecccb4535ec2c8530fa42fd63bb55c07e43b8b6c0d61527d84028380ab78132bbf156acd5b18025e4100a409feb10339948718b5f4ca805cf135f1d35

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    541b1c73493126c086dc4e7da0df47c5

    SHA1

    d4da0651d2446a91bf0480e177e2d0df86650dad

    SHA256

    d51f8ebe4b59ff24781566a0beb4d2a2db8b7b50091c38ba1631f95af803f8cd

    SHA512

    0846c75b8e16e1b5af4a8cde7e53e88aef9d8b1e9b163c512650f076cf7b6647a957f690dcfcfb76170d1749eb4f10c283846ef092389a2e8c8f52168b689b0d

    Download Submit