hook | 2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b

Analysis

max time kernel
38s
max time network
139s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
08-02-2024 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b.apk
Size

1.2MB
MD5

ad5e53c3c1a9d830e4d5074a23b1ca7f
SHA1

138458bc2cf96c813f2ff108d8ceb2a9cbc18e3b
SHA256

2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b
SHA512

cf1abb7b240258b0c54f84c56d491cfec68fd75152dad4821b162ec04f4fb2d590beb1f9833c4f5327e7bb8e0763b38116282d068a6fe917c7ce64b57cdfa8ba
SSDEEP

24576:xj6ShpuJkeC0iOSqUPY25MA6K8aFU8RcGikBkwG4ugoCQpgS9ZL:jpu3qOVUHMA/8aFU6cd3QQpgSv

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4623

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
9e2d2d3a770a042f970590c61c4822e3

SHA1
7b73edab3542ecb4f07981a9775b6b5945ef7182

SHA256
870944ceae36d43129ace5612a2672eb0c3ffcde39ddae2b3f4226c4693d7e6e

SHA512
4f84be9edfa8ca6622026a931fdbe902350235805c6eb2dc033b25b0b222b1f07c5c9671a8925970d204f567d82ae4b71fc8a4c9ac6486977c38e693e07fe3e4

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
9ec8997abf1bd43a32a99a9ae8594c63

SHA1
2395c495ca7575e461b5db4f1ede8faab6fc4770

SHA256
9a414073f58641f59b7745d737cc59d4efdbb1e5357b5ffecc06826b0eb748fc

SHA512
300c389cc34f8af6416523d2dc38c922b8dad438f4a53b4d23cbe44ae3d5ae4d97bcd516b121f4306aa6a80937ccfe8c8d7579d3166aed23e5cd00e8ca001073

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
4e7caf3376ad2dd665b36fc64b723ea2

SHA1
984540f67c864d08cf476290b273d797339ba2a9

SHA256
4be1a1466e98d10be7507209847744b158d22298895f2a998edde9436d15af4f

SHA512
fe6307cb7236315c7d0bf95a89a1ec4f82989715bb13a60a210e4145a68fbfcebd0eec692ca0600477ea4de5f5c8147eab18ed7408ed698fc741face3cfc5ac4

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
21269ef06953f1d8b8c9dbd9ec399db6

SHA1
8f740633f8e10409445f0da77f5e591c2b3f7d57

SHA256
e68a84ddef3e355253b50a07a54c8b176bec61b757cff1e348f4ce81aa59c756

SHA512
b7a25d0199ecfe068706aab173a45423961fb85a6c14c0772b481d68b4beb41e5c9c9d0cb431ae2356c07db333778cc2feb9dd9395982627a7efb5a7882d9d44

Download Submit