hook | 98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9

Analysis

max time kernel
149s
max time network
158s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
20-01-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9.apk
Size

1.1MB
MD5

d2ceaa255c3c2684d843e3d8e25de89d
SHA1

f65a3cf7fe2c80d9727f72b7a32efe6dc9352066
SHA256

98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9
SHA512

47aba42179b3a9eb161414783fd36ab96a649f2e19b44a0bdd1e34510233a4725f95c854715e5b0b2e3b19be17156f5952000d2d3f33be62a4671d913ba831ff
SSDEEP

24576:5/9BNPqJQT/JSuC+0SvxQnTgyZmeSuoj4Tkg/88H7:7qJQT/JSulZSkWlTkg/t7

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

http://172.16.39.137:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.yumafudibavufu.nuxu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.yumafudibavufu.nuxu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.yumafudibavufu.nuxu

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yumafudibavufu.nuxu

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yumafudibavufu.nuxu

com.yumafudibavufu.nuxu
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4978

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
31b8ccd4875f193b439fd7e1651ba976

SHA1
be2ca65b1aeb9a8f0352caecfec88cc3fda273d4

SHA256
e259d9c3682c37cdf8d6c7a99e880675598f024ade2fbde686099cb52ad52a25

SHA512
7393d8ed920cad0c0505cb69dc3b4f7358d7ca6e8585eaa75027e3d317cb4b613d6f2a5e23c63f92b9e43b92800fc5784e25b27b099f84855d89a460556e84a8

Download Submit
/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-shm

Filesize
20KB

MD5
daa100df6e6711906b61c9ab5aa16032

SHA1
963ff6c2d517d188014d2ef3682c4797888e6d26

SHA256
cc61635da46b2c9974335ea37e0b5fd660a5c8a42a89b271fa7ec2ac4b8b26f6

SHA512
548faee346d6c5700bb37d3d44b593e3c343ca7dc6b564f6d3dc7bd5463fbb925765d9c6ea3065bf19f3ccf7b2e1cb5c34c908057c60b62be866d2566c0b9393

Download Submit
/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e16c7960500a11dd4af15e96262bcb84

SHA1
00e6bfc8e511ae01c145283da7afde2fd6966498

SHA256
fc843dc7d7f0b07507bdce656b72fd7d8ff52f03c22862f9ac4c783cb31c9b71

SHA512
ae0520bbce106ff964cc55ca45fb6f8460e45ca55c8f8d69e03124c87395b081362a7ccfee671e2429d8990888b9e090ea6fb5f620080496a951bc51406dd121

Download Submit
/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
25eb0ec32ec69a1a71e2bb43844c9e84

SHA1
3609bf1a5c9bada4d8292d6cbedbeabd698d4ac6

SHA256
f7f8e789d1fa8222469c76d00ac2ac8139d76b6148830681e436ebd4e53f5261

SHA512
777b1da42e4aadc8c90318dd8f270993437995ee132493c71597a92bdd19aab37a9cb0be93e7a23d78ff45bdf0b50c1a15ccbae2698bfccde991d84a8ee4b8ce

Download Submit
/data/data/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
bfbfcb0b286ae0371fa59ade621f4c65

SHA1
a10c2cbe62c366b1c6d5ac7d8b42cd3759ddd1e8

SHA256
08a27b3ebef04393a293968780801dedc34567b4c02d407d81089b7d1bc31dbf

SHA512
e120eb75440376de825068231581a789c6d642972d869645cd2939852ade234a51e91b60d6e0bac26bf8318b75d0be65d9c41f172ef418e86b1d66f53a0169b4

Download Submit