Overview

overview

10

Static

static

10

dd397384d6...82.apk

android-9-x86

10

dd397384d6...82.apk

android-10-x64

10

dd397384d6...82.apk

android-11-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-20231215-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
  • submitted
    20-01-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd397384d66ed4fc68204dea467006a73d2e58c5b0c514a0d80d0fcc589bf282.apk

  • Size

    1.2MB

  • MD5

    46e17803ceda35d70a8a6188db14d9f4

  • SHA1

    1ee1bd3028ef181abb541fe43b854964d3c81a10

  • SHA256

    dd397384d66ed4fc68204dea467006a73d2e58c5b0c514a0d80d0fcc589bf282

  • SHA512

    5152b146e36b549e50a6f832af1bc91cbabee38ae282648dfbbd62f6913a3931014b8f6bd0513989c21bcb041e5f38034d8c04fbc05a73d7adb7d888e27132c1

  • SSDEEP

    24576:bcCIPUBS1Hagj9KEgNzOrKschyZopu8+ESELgSZe:ICIMY1HaggEgNzVz9gVELgSM

Score
10/10
hookbankerinfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://93.123.39.77:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5082

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    3fd180f39b6ad8986da35f4360a8d5ee

    SHA1

    255026f17ab62bf4ef25af6a3beaf726c96069db

    SHA256

    a9ce1657e4b40eb661fbe78ca2f6dc717a5d1f4ae90e942810fc29ba95a7bfa4

    SHA512

    e40a23b0c9d460d68562d6f8059765d72c99fa27e2cb1850456fccfb06b7a11348520e511d4accf89553fce617d70bdae172f40ae57ed96f4ad170fe12e30d01

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    3b14dd78ae791504e1aabf664779d2e3

    SHA1

    c949003bfaa110db9e50ac987e5691fd97347add

    SHA256

    748f4e277b2e07aae40b3074ab9729513c8aa3c7c0b65506c229c30049bb54af

    SHA512

    6684e88e0aae25d5b90411d77fd6a11292a03721ce5caab8b8012639421498a03ceb252a51f5f8d2671478f76621c8905e75550e22e290dd4e7d160572f17920

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    71ff25de5b9441dd49b2ca407ebd02ff

    SHA1

    0a45c275d90c728c2937062efb003bc937babe70

    SHA256

    80e520c69e781cd56ef20ceaae29cc6ae9c74837373e52d3406aaa8bf49c903b

    SHA512

    7dae2a50167e9931190c0d56566a4047cb4cd7d48bdcccddabfa8ca5d692a6772f30412239edb3a615ebc82677734361bfa95745a70be75a8e44560809b376fd

    Download Submit