hook | 28aa131b1ef777995da0e7a63b369f194c2120a942e8cfe370222ed325990728

Analysis

max time kernel
156s
max time network
164s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
22-01-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28aa131b1ef777995da0e7a63b369f194c2120a942e8cfe370222ed325990728.apk
Size

1.1MB
MD5

d18205664c3e3db7c733ef2844ef9c09
SHA1

91174240c632d273d163be217dc12b5209fe5dad
SHA256

28aa131b1ef777995da0e7a63b369f194c2120a942e8cfe370222ed325990728
SHA512

367814713afc264ebc21477f2bd01385bd156ff7024c2e41bed21ac23a4ad91a1e6b97391244b484f50124ca3b3a4707eae1d755e4dd2544cf925dfbe038e937
SSDEEP

24576:sMDZIPhrFuVi2VYAgU94DgvyS8ZAsmJWwjojDQUwg/CqHF:fDZIlIjVY9E4Dsy1k0wjufwg/5F

Score

10^/10

hook banker infostealer rat trojan

Malware Config

Extracted

Family

hook

http://93.123.39.77:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs

banker

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.getInstalledApplications	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4989

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8ac55433cd347efec5d2c348b72d2c53

SHA1
788048308e9d3df2da9aada0ec6e26f1d5817e41

SHA256
db0372a9dd35f0196970fbb42bc3f068b8b196b5e1441ff9df1e3ef231bfcdd9

SHA512
648c436e0d68d1676d9be7ceda1e755f8bb9ac7e5a62b51fb68af90de4abf0f719392d7a254981ee48339bff83a6db1ded7d2327ef9dcf7dc90fd766b0de56e6

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a9cf4363ed12ea78da73f9b6fef2680f

SHA1
0fceb802790e620a690fe4b5efe75d8290c6a0de

SHA256
801edc08f9cdd77a9edb95156b3fae071ac31cd1007857ac7f08da7b0e86dcd7

SHA512
43adc4c17247654423aaf6f35dbfff88b086bde2a7e22c9407cd6c6fe3587d834b5650bfa7b84c79cd7c1d0085ae1af5ca3a39b103fec712ea246e9ddd138021

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
acf89826c1ba5042a7d1a2432ba84516

SHA1
834e8edfe51028e4838c00abd4518dc2625db497

SHA256
f4c93a2ca2e68c3a4677484bebf6fe4764084dbaf8222a3f9e748d946292a615

SHA512
779d10bc28ceebfe8106a1389728836596ff15250c070873e44991cec0277d263b8300bb23efc7d544ce65c00a164fd2cd81f780ed69525895c639ecf7897c35

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
b6c389ccd91150ed27c94e7276a1a2f4

SHA1
173168c9be3fce2e02f59aea4813fe891d863612

SHA256
d3e8e0c8b7af2dc7baf2657c51e540a33c28d23234d94991133767366322d215

SHA512
88ecddedf4a3f858d36e1d4899e36589bff127403f5af24ccce6849f6412e2a0db7c5684b53460eb3de99f43235b868ab6c06bd5beb01a5c0d523ee8fed2837d

Download Submit