Analysis
- max time kernel: 155s
- max time network: 167s
- platform: android_x64
- resource: android-x64-arm64-20231215-en
- resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20231215-en, locale:en-us, os:android-11-x64, system
- submitted: 25-01-2024 22:03
Behavioral task behavioral1
- Sample: 9fafcb0b15af11c80844a7bb0441f321349a9cb6a7a838c8049b5a325d4573fd.apk
- Resource: android-x86-arm-20231215-en
Behavioral task behavioral2
- Sample: 9fafcb0b15af11c80844a7bb0441f321349a9cb6a7a838c8049b5a325d4573fd.apk
- Resource: android-x64-20231215-en
Behavioral task behavioral3
- Sample: 9fafcb0b15af11c80844a7bb0441f321349a9cb6a7a838c8049b5a325d4573fd.apk
- Resource: android-x64-arm64-20231215-en
General
- Target: 9fafcb0b15af11c80844a7bb0441f321349a9cb6a7a838c8049b5a325d4573fd.apk
- Size: 3.0MB
- MD5: f657f65a0a02bdac981d68609251f03e
- SHA1: 978bc99ff6c510e8befad1a889ee8dcc80d4a41b
- SHA256: 9fafcb0b15af11c80844a7bb0441f321349a9cb6a7a838c8049b5a325d4573fd
- SHA512: e0189910eed9eba36428a81738e8247d93f0e13fdae88c10c6529685d86ac49072b8af84febceeb5a0873cec6b6155895d48ddb7609496b95e13a2a9f391df5d
- SSDEEP: 49152:4Vz4uWQlIeYoiA3NaID7c+0gdIfNR/sCRJW1WrN/j3wiAXtTCg/p/e:4VRRlIe+alDI+0kqNRFJWEZ/z3AXLe
Malware Config
Extracted
- Family: hook
- C2: http://185.172.128.91:3434
Signatures
- Hook
  Hook is an Android malware family based on Ermac, with RAT capabilities.
- Makes use of the framework's Accessibility service (3 IoCs)
  Retrieves information displayed on the phone screen using AccessibilityService. All three calls come from the sample's own process, which runs under the package name com.tencent.mm (the package name used by WeChat).
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | process: com.tencent.mm
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | process: com.tencent.mm
  description: Framework service call | ioc: android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | process: com.tencent.mm
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 IoC)
  description: Framework service call | ioc: android.content.pm.IPackageManager.getInstalledApplications | process: com.tencent.mm
- Acquires the wake lock (1 IoC)
  description: Framework service call | ioc: android.os.IPowerManager.acquireWakeLock | process: com.tencent.mm
- Reads information about the phone network operator.
- Uses Crypto APIs (might try to encrypt user data) (1 IoC)
  description: Framework API call | ioc: javax.crypto.Cipher.doFinal | process: com.tencent.mm
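The signatures above are runtime observations; a practitioner usually wants a static pass that predicts the same behaviours from the manifest before detonation, and wants the extracted C2 turned into something a blocklist or network rule can consume. The script below is an added example and is not part of this report or of any sandbox's code. It assumes the APK's binary AndroidManifest.xml has already been decoded to plain XML (for example with apktool); the manifest it parses is constructed, with a hypothetical package name, and the mapping from permissions to behaviours reflects the three signatures listed (wake lock, installed-app query, accessibility service) plus the overlay permission the report's wording alludes to. The C2 URL is the one extracted above.

```python
"""Static triage for the behaviours the sandbox flagged (accessibility
service, installed-app enumeration, wake lock) and normalisation of the
extracted C2. Added example; the manifest below is constructed."""
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifest (hypothetical package name), shaped like what an
# accessibility/overlay-abusing banker declares; not taken from the sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.triage.sample">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="Update">
    <service android:name=".AccService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Manifest permission -> runtime behaviour it enables (maps onto the
# sandbox signatures: acquireWakeLock, getInstalledApplications, overlays).
SUSPECT_PERMISSIONS = {
    "android.permission.WAKE_LOCK": "acquires wake lock",
    "android.permission.QUERY_ALL_PACKAGES": "enumerates installed applications",
    "android.permission.SYSTEM_ALERT_WINDOW": "can draw overlays on other apps",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(xml_text):
    """Return (subject, behaviour) findings for suspect declarations."""
    root = ET.fromstring(xml_text)
    findings = []
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID_NS + "name", "")
        if name in SUSPECT_PERMISSIONS:
            findings.append((name, SUSPECT_PERMISSIONS[name]))
    for svc in root.iter("service"):
        guard = svc.get(ANDROID_NS + "permission", "")
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        # A service bound under BIND_ACCESSIBILITY_SERVICE (or filtering on the
        # AccessibilityService action) is what lets the app read screen content
        # through findAccessibilityNodeInfo* once the user enables it.
        if guard == ACCESSIBILITY_BIND or ACCESSIBILITY_ACTION in actions:
            findings.append((svc.get(ANDROID_NS + "name", "?"),
                             "declares an accessibility service"))
    return findings


def verdict(findings):
    """Accessibility access combined with overlay capability or app
    enumeration is the pairing the signatures describe; rate it above
    either on its own."""
    kinds = {behaviour for _, behaviour in findings}
    has_a11y = "declares an accessibility service" in kinds
    has_overlay_prep = bool(kinds & {"can draw overlays on other apps",
                                     "enumerates installed applications"})
    if has_a11y and has_overlay_prep:
        return "high"
    if has_a11y or has_overlay_prep:
        return "medium"
    return "low"


def c2_indicator(url):
    """Split an extracted C2 URL into (host, port, is_literal_ip) for a
    blocklist or network rule; a bare IP on a non-default port, as here,
    is worth matching on host and port rather than on the URL string."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    port = parts.port or (443 if parts.scheme == "https" else 80)
    try:
        ipaddress.ip_address(host)
        literal = True
    except ValueError:
        literal = False
    return host, port, literal


if __name__ == "__main__":
    found = triage_manifest(SAMPLE_MANIFEST)
    for subject, behaviour in found:
        print(f"{subject}: {behaviour}")
    print("verdict:", verdict(found))
    print("c2:", c2_indicator("http://185.172.128.91:3434"))
```

The static pass only says what the app could do; the sandbox entries above are what it did, so a manifest that declares the accessibility service but never binds it at runtime should still be treated as a lead, not a conviction.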
Processes
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 4KB
  MD5: 7e858c4054eb00fcddc653a04e5cd1c6
  SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
  SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
  SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
- Filesize: 512B
  MD5: 2429d99648ede8639e74e96cafe03331
  SHA1: d4ae891a928e0dc56d6e3c310ade3dba4c908398
  SHA256: 033c85fbcc55033dcfbe893754150386850cd630c9f5eaa70452d62c3dce8fb6
  SHA512: 0f3bc2ba369446148b750c4064c75d7ebee9ba72844df3ee94ee221beba1e0c71af74fb8aeb883bb0a513d716d0be8666d7253558143d4530d63ba0682ec1b8b
- Filesize: 32KB
  MD5: bb7df04e1b0a2570657527a7e108ae23
  SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
  SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
  SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
- Filesize: 16KB
  MD5: 3f97e660229e6f614cbbf4285cdaedd3
  SHA1: 3de75a9f162cc2e9f83247c1b304dd4883ff5ccd
  SHA256: 07d61adc8f5b081b8299f120920064de4013083cd917b3bd0f1a76cbf8fe5008
  SHA512: a9c8c58405bd3a8822af39d465bc46949d7c40274f561c70dcf03cc46f18ede57e4d26eecbbbedd72459a60d3a2111286d12d6b381651a5fbdee54c0b181383d
- Filesize: 108KB
  MD5: 9345e9aa6ceb4fce68b1b54e165e66dc
  SHA1: f4b24e5a35a09811ec9a324422521917da085aae
  SHA256: a34fe5da9c86567bc8cd991cc4528687c4d6975adc20619e71f0070d0aa83ef6
  SHA512: 227454353aa9d3bcf543fd5ab44382ef5a12bb74c6709ba5c7f44be8b5b3d0c8d04b5c7a0b53f827e879e9e3b5607bed002f3e1b3eafbd8cebb1de97ecbf64c7
- Filesize: 173KB
  MD5: 8eb5e7bca8ed89216b3e82d0b989dcf3
  SHA1: 3e9b292c0ddeb61d1b4f1b537d5248488433ed6d
  SHA256: 9f3448f3712cd30cebb3b7284a3c5e6400ffe22acaab1da549cf0dd7f9c94c94
  SHA512: 03152ed753e38ed93d1ca24b85b6185178dc4092f0bea51aecf6d22d277329628a8ed53a13520293076d84b2e76706c66d783e1da79e360f3b83376460123761