hook | 49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739

Analysis

max time kernel
32s
max time network
152s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
24-01-2024 22:03

Target

49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739.apk
Size

1.1MB
MD5

5f90d143a5de2341d18fc09d6977e27d
SHA1

0b3c79eaceb6fcedc61d7281bc08666c333c69b5
SHA256

49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739
SHA512

bcb30c4ab6947bf31fe183e8d3cf234b076b4bbc28b34d9d68dc31971796fed9957bde69460c10ea4881a08c683cb9d26267ba9fa2689499af301c9157d314ba
SSDEEP

24576:zS4ik8yDvJ+iEGfXex8Ds1zoQQoip/ojyMxg/XvZKy5:zDR8yDQiE4eXj+/XMxg/Yy5

Score

10^/10

Family

hook

AES_key

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.puvovojegodeyu.pugi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.puvovojegodeyu.pugi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.puvovojegodeyu.pugi

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.puvovojegodeyu.pugi

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.puvovojegodeyu.pugi

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.puvovojegodeyu.pugi

/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f91f66cb538ce8b684d48a3ec2b24432

SHA1
33162b68b75a0138df785a017aba8619a88da587

SHA256
dd7044788c4d94d93ddc642c97f4d9a3a1986e6ddc2aa681ad9a8803a4df8690

SHA512
257c1945d4a0b6709b8c434bd290b1d9afd4cd387c0d5e942d8091e4214eb368c97087161526d1323ff00177e798f857e3faee1f92ec68827c36c685f0ba402e

Download Submit
/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
0f55981a049a5538bb4e0684e521634f

SHA1
0bbc820fdcefcaa2564fded3632b1ca030a255ed

SHA256
99356a948f92af9f3d00b5413c23797b929f87eeb140f316bf7d673c9fb081fa

SHA512
a98d0ce14ab6a32039221840171ecfb0bb14582e916a477644eefbe225c0aab5b200ce8a2fd61dfa4cc5f587684b5d775708d1897b3a2efb89162fd74ea31c80

Download Submit