hook | 6bf19a4ad7ab38a5bac8b7aeeba553c62acc5b45c2b01e83def8de5dd1025411

Analysis

max time kernel
42s
max time network
156s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
22-01-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6bf19a4ad7ab38a5bac8b7aeeba553c62acc5b45c2b01e83def8de5dd1025411.apk
Size

1.2MB
MD5

d56348a730152e40089563d47a40a253
SHA1

c919bb40b2eea5d65e0bb3b5d42807b05bfe7816
SHA256

6bf19a4ad7ab38a5bac8b7aeeba553c62acc5b45c2b01e83def8de5dd1025411
SHA512

e8383ae1887d024185406e36b35d611a163ff8c4532769a6a5370574cd3b521cb6a55d6f553056cff1ea2a2cc26426abe431f68783575113ad1bfa1b0f31218b
SSDEEP

24576:Oc2R6VbldKXkXEYrCU51Q+7J69GP7XnmF1QlACAUX4e4ygSyO:OcC69x0reQ+NYGTsmqhePgSP

Score

10^/10

hook banker infostealer rat trojan

Malware Config

Extracted

Family

hook

http://93.123.39.77:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4249

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
1be617495d8fb439417dd9f4247e6b24

SHA1
d809fd3aa32876773938a5617a9744e4db85031a

SHA256
06265e9c46362454f32104094875b67281169eca8bd4a725d3c739a4694a1786

SHA512
397d46f6387175d039cd82f330a9ef28124176c6cf3be804ba1f1d3b0dfc0ac438489bcd7d74c573428f39cd604c80b193b357184c9797bf33a04e3b793f0df7

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a9473822ea7281c61c29d7ac2a8b4ae3

SHA1
cd25274dc4f10eb0f0aa35d67b903ea179e10e80

SHA256
379ca7f73a88a777906f731b0807a7a264e6e4c019d66074e4a41138144d1c45

SHA512
f7957e97eae618798d9ca5a676d2dc53180ff17fe8f22bf66b3172b5c51973325f71e0b11e35d27bda30975612e56a8a32b0eff14265e48ae596c34bc9817cea

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
42a7b20a998d8878179d3a3f667b3ea7

SHA1
299495ae1355205c8b0b73083a3dd2d307676a66

SHA256
92226dde8b2b4e769e49084c02e51b0e86ae59d402591e41efc0823c2861f18e

SHA512
9484ebb9656e767c11dddb16a0d340043d7b729836892034b810c044a6d9ee640feba316971ab0202c2ff96752b1eb568ef995b351dfceefc9cc8f37b19da942

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
49c38380090c3aea38f2fa0881f64590

SHA1
7a4d7b72242548f8794841b76c3760b2e0e392cd

SHA256
91c5d7469701ae77d36ece2c63c7bd3176cf7de4eeae6774ad90dbddfedaf1af

SHA512
7be2da8d06c909d35a1c84a17d2203748bcd94cc58e3726ad5f2af5cda187f1d4da92365bdeedeceb1e96f8a1321747d00c2fe16e7cff6d7133f18406f8e7cdb

Download Submit