hook | 98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9

Analysis

max time kernel
152s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
20-01-2024 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9.apk
Size

1.1MB
MD5

d2ceaa255c3c2684d843e3d8e25de89d
SHA1

f65a3cf7fe2c80d9727f72b7a32efe6dc9352066
SHA256

98ec0c587100d35500cf64dbea79054417477522438e55ab2949ce079d6278c9
SHA512

47aba42179b3a9eb161414783fd36ab96a649f2e19b44a0bdd1e34510233a4725f95c854715e5b0b2e3b19be17156f5952000d2d3f33be62a4671d913ba831ff
SSDEEP

24576:5/9BNPqJQT/JSuC+0SvxQnTgyZmeSuoj4Tkg/88H7:7qJQT/JSulZSkWlTkg/t7

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

http://172.16.39.137:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.yumafudibavufu.nuxu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.yumafudibavufu.nuxu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.yumafudibavufu.nuxu

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.yumafudibavufu.nuxu

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.yumafudibavufu.nuxu

com.yumafudibavufu.nuxu
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4610

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
11c9bb5d75f130e46ce43c886a4959ce

SHA1
befcf52d832d1d6182b552ad5f7551abf5316f43

SHA256
cc80dca617528c7be3d496391c23353de2e8ea1a0de3a0e82df6c066aa080efd

SHA512
1aa331e714fa16a5fb02b5b9c08408dc2e3b6875470ae0763120eb283fad633c6011b16f50fb870d35bcbca35771acc5bf0b7005f188b1c4be0f4b13a1e25bf8

Download Submit
/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
e3c212c46e8bba321eb3d988c6e65899

SHA1
afb790aa056dcc0b735aec1703830dd555be8247

SHA256
a008899030f811a97750e0fbd958ce3685a1e4c8e8e979bda9f4fc0591e489d5

SHA512
2ee4fd57ef05739ea70707d33e709a3b61ab3bb4741ae4569fd97220c42ba1ddb2b5837054ea1690d21d28cd3143073e837cc7dd040af30a1e2848c32183e0f9

Download Submit
/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
dba9cda5b38948e598f2856e172a5a64

SHA1
b46761946faa9affd518172761d21e61d8fa26c1

SHA256
e47ceee80fe118ed473029651743fde8273ad5a6ffd7b9793cf8ca2f5593ccba

SHA512
ddf5e9d78d64677abae67ba423e130b6bf6b69dd72e23fe72f318aece34bc99e9e7f91d68e5cd52b50605c30190c98885c4092dcf58de19fcb3fc0a9c30eecce

Download Submit
/data/user/0/com.yumafudibavufu.nuxu/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
f4c2d548e54a7fbe801b09b8774ab4fd

SHA1
c300bdb7e5dc30ef05f1aec4bbdd448ee2307c40

SHA256
c87c0e58c346f52723d06a0da477de4850711640007c2aab97691f317c78ca76

SHA512
c861563410b58444a43964b275d87e8afab3a2a6f6dea49323ca56a5bb55862589a8f1b4445fbd5ff81b053801f2f2a17fff277892d6cec12e82ce5d94b9c47b

Download Submit