hook | b362840bd046d1bd4632ce0cc5409feea4ef868f1f8f3ef1d6cb726a44b280f2

Analysis

max time kernel
150s
max time network
159s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
08-02-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b362840bd046d1bd4632ce0cc5409feea4ef868f1f8f3ef1d6cb726a44b280f2.apk
Size

1.1MB
MD5

ee65a8788025a0cbda72696c330bf315
SHA1

8cd6f2398e3ac34a3ae30d4cbfe56385b10987a2
SHA256

b362840bd046d1bd4632ce0cc5409feea4ef868f1f8f3ef1d6cb726a44b280f2
SHA512

b570ea1b0ca3a1252e2601532022639efa6efa1ada8885413ef933defaee73ce1cd44651a7fc6ec7086fdbcee47ae566d5e045dbbfef4312351bb015bf6a0f8c
SSDEEP

24576:MJwCWpW6tMjahNNIDQpK7GFbwjojyGE2g/hVT2:MJwjtMjahNRlwjXd2g/32

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

http://93.123.39.235:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f18394c0cec943fb2eda498f2b719614

SHA1
38cee6ba22bb9649196ef1725e3d0fdb4d68e7fd

SHA256
d8153c62746f707c8e142bacd10ac2f601f10080b77d816bbcf39cfca75f2608

SHA512
31e0923ca1b837db1440afe7eca207294b6a1b71e5c995b47b19ea4fd84dcce5387948800dbb77bba272e9379f59cfda55fb4ea9e4f64a6ce226179f046d9934

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3083d52f8a96e3f5767660c6fc39868b

SHA1
ab74f2a6675b888bfc333165d33801b94b251013

SHA256
c221cf3da4ff2d0758367513c64e9e04d2344d664054ac34b3660e74fcb22084

SHA512
de1928f94b23e03bae48dd3d303da2d853d1b9f1670da08a0ab186688343fad75636b8aa4c38b1229db5a3e6e1c237f62137bb148e6f1bff5b11977ff0eda14b

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
13c39efb96869b9bcf65bc23e399cac7

SHA1
ba3d4b7dcd41d99a340cb7bab3eb0daa599ad4a1

SHA256
b16884ff2b81b7e9a0737468f49a285e76e6bc98f54c038e7662c5bb837b11a6

SHA512
cbac7dcd873952dbeafbe1dd52274edf5c4bd708483af0c60ee46e13b3b81834fb57fe1eccebbf2f2ff86c462fa7ddf2b613b82b9a644a65d46d7600ef2d4fb6

Download Submit