hook | 49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739

Analysis

max time kernel
150s
max time network
155s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
24-01-2024 22:03

Target

49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739.apk
Size

1.1MB
MD5

5f90d143a5de2341d18fc09d6977e27d
SHA1

0b3c79eaceb6fcedc61d7281bc08666c333c69b5
SHA256

49b1a094b7abe2f2d0202cfc3023535d43b8450cf08e19647bb7127f22e5d739
SHA512

bcb30c4ab6947bf31fe183e8d3cf234b076b4bbc28b34d9d68dc31971796fed9957bde69460c10ea4881a08c683cb9d26267ba9fa2689499af301c9157d314ba
SSDEEP

24576:zS4ik8yDvJ+iEGfXex8Ds1zoQQoip/ojyMxg/XvZKy5:zDR8yDQiE4eXj+/XMxg/Yy5

Score

10^/10

Family

hook

AES_key

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.puvovojegodeyu.pugi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.puvovojegodeyu.pugi
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.puvovojegodeyu.pugi

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.puvovojegodeyu.pugi

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.puvovojegodeyu.pugi

/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
5e748036730b875f4704fe6702e557ec

SHA1
2fdcf70d84f25819e4f8ab37099f27e6314efcb0

SHA256
965e116abfceab820b0cae9a2fea995ca6d4ff1c51b39630f93fa9379fa9f6bf

SHA512
e367a76ee0f11872d16d5353a2b5f1d19d83def2dfa0300dba2d78b3f8f34ace5b73d0160fc4597ddfa87ac9761447d35dceaf3db1be309e6e44785d28f6ae26

Download Submit
/data/data/com.puvovojegodeyu.pugi/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
c49a5033a83ce947686ecb7214fd97df

SHA1
072935d16ccc9f69c03f4a32dee4c992651e333b

SHA256
4ca959723ab35e9c785e39d6282299f3b8cd83ac87031e5820cf022e42ce65b0

SHA512
8ad2e7161eaca1dc0c806e2a245ca8b8252e0df9265e300e63938b06ecf1bfdbe642cccb3cd8a22c3ede7c9396baeddaed2e96331d748458d3a5bfc738b27558

Download Submit