hook | 6458c39b417c7d61028c5187b083c92fd74a77694cd0958b7f48249c9ff1297b

Analysis

max time kernel
150s
max time network
158s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
24-01-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6458c39b417c7d61028c5187b083c92fd74a77694cd0958b7f48249c9ff1297b.apk
Size

1.5MB
MD5

2d394b49050f9d5280a010774301b46e
SHA1

f786cbbdadc23884dc4d1def78870611b0248ca8
SHA256

6458c39b417c7d61028c5187b083c92fd74a77694cd0958b7f48249c9ff1297b
SHA512

77f49f62ea63da3a2abab6a912118ca3d49830e73fb9a9fce60144c7f51c6ac3407a21cada7bd6f825d6efccd37260af55392ee4f70ebfdc5e83d79c46555ae8
SSDEEP

24576:Hw/7W29sPCKOvEeyxkYG2PBaPnsiYB41oIDYUvsp6yqymn9+uZvaoqiLGbeg/lbU:HwTWMsPCHwx1TpaEwvvnqe9zYoCbeg/+

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

http://135.181.168.156; http://135.181.168.156

http://135.181.168.156

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4629

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6f42f45e608413cf94789dbba90e582f

SHA1
50b4295c862b21fbba80c480a073008b4b70684c

SHA256
bb79e1241f773d9872729e6efa91b6f581cf9ef37041236bb86b7f2dfc8b94f7

SHA512
3adc00f7771d4f054a39a811f003679dead151aecb3de4b582a063e75c37dc41c77d4fe388e61987203084604b7a7a4f0f7f9bd47958330b642cf73705fb31ba

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5ddf005043bc927bea98ec8d02115fbf

SHA1
06d43a72ec2f8d89592453b9642988ad0b85ae09

SHA256
b42feb3815ce393d4d2c76129f0930374056376d52f8e768fb1e09dd311ae22f

SHA512
7d11923b45bf6a7a457807ab8401124ee976ee06229be90eaaa659e4e32735c51152af0628a0841658a61ccace7507a83286dc5767c4927ed7a85ae6adbc8a0b

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a2df089dc789c8dd04549d53997c923e

SHA1
3c75ad2d3eb7d2af2cfdcd4b72a59be38ef30b60

SHA256
e7f9bc2836069bf6171b46557fe02197cfe3ae0dab23f085c10288034301fa03

SHA512
a785bb960050746ac3085fc27b4edcd5804f2e2e64860239530fa8baf0c8ffb000c81a4e7830cce7493f6f290fdeb8a270a550fd8baab48d04e434f77b675238

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
156KB

MD5
0356eda9739a0709e5cc8d4da68b7a3d

SHA1
efc91de6a642c32d54fcfce7978a8a43d7bdf688

SHA256
c2b90e5278416a437cc26e4084c31d751cf5b4088a16e936256253d06d7911bd

SHA512
f0113e8f1044b1e4c7f998836bb57d131c85962b18180485cb135a1fca7bc8fdf410c32c62d95faad0f5451ff51535b125107d2c307462df844b30ce26c1aa78

Download Submit