General
- Target: fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.bin
- Size: 3.8MB
- Sample: 240208-1w3f3adb25
- MD5: a8257430863a22831e1d8cdb11631c72
- SHA1: 0f28ef7b07d8d1e92a9f2b310bf060642a57372b
- SHA256: fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f
- SHA512: c54c85eda2c08a7a8c07d43e8bccb7a372050937639c78e06cd3518ec9673e22a29f74ba0d25c5d49005ec380ddc82e7aad7db34a6e991e56df75c78369b17d3
- SSDEEP: 98304:fwRW6/qw8ebq4uKM7uyOBOjzxkRThoHWDxu8WD8X:4l5bq+RUSo8W8
Static task
- static1
Behavioral tasks
- behavioral1: sample fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.apk, resource android-x86-arm-20231215-en
- behavioral2: sample fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.apk, resource android-x64-20231215-en
- behavioral3: sample fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.apk, resource android-x64-arm64-20231215-en
Malware Config
- Extracted: hook
- http://aubhdva.xyz ; http://aubhtri.xyz ; http://aunuredvac.xyz
Targets
- Target: fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.bin (3.8MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
- Hook: Hook is an Android malware family based on Ermac, extended with RAT (remote access) capabilities.
- Makes use of the framework's Accessibility service: retrieves information displayed on the phone screen using AccessibilityService.
- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps).
- Loads dropped Dex/Jar: loads and runs an executable file dropped to the device during analysis.
- Acquires the wake lock.
- Reads information about the phone network operator.
- Requests disabling of battery optimizations (often used to keep running while hidden in the background).
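The signatures above come from the behavioural run. A practitioner will usually want to corroborate them statically, both on the original APK and on whatever Dex/Jar the sandbox saw being dropped, since a packed dropper often carries little of the real logic. The following is an added example (not part of the report or of any Triage tooling) that maps each signature to the DEX class descriptors, method names and manifest permissions that would back it, and searches an APK for them. The indicator strings are this example's own choice, DEX string data is MUTF-8 so ASCII identifiers can be found with a plain byte search, and searching the binary manifest in both UTF-8 and UTF-16LE is an assumption about how the string pool was encoded. The APK the test runs against is a constructed, minimal zip, not the real sample.

```python
"""Static cross-check of the behavioural signatures above against an APK's contents."""
import io
import zipfile

# DEX indicator -> report signature it supports. Class descriptors use the DEX
# 'Lpkg/Class;' form, which is how they appear in the classes.dex string table.
DEX_INDICATORS = {
    b"Landroid/accessibilityservice/AccessibilityService;": "Makes use of the framework's Accessibility service",
    b"getInstalledPackages": "Queries a list of all the installed applications",
    b"Ldalvik/system/DexClassLoader;": "Loads dropped Dex/Jar",
    b"Landroid/os/PowerManager$WakeLock;": "Acquires the wake lock",
    b"getNetworkOperator": "Reads information about phone network operator",
    b"android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}

# Manifest permissions that back the same signatures.
MANIFEST_PERMISSIONS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "Makes use of the framework's Accessibility service",
    "android.permission.QUERY_ALL_PACKAGES": "Queries a list of all the installed applications",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.READ_PHONE_STATE": "Reads information about phone network operator",
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
}

# Embedded archives outside the normal classes*.dex slots are candidates for the
# "dropped Dex/Jar" that the sandbox saw loaded at runtime.
PAYLOAD_EXTENSIONS = (".dex", ".jar", ".apk", ".zip")


def _is_classes_dex(name):
    return name.startswith("classes") and name.endswith(".dex")


def triage_apk(apk_bytes):
    """Return {'signatures': {signature: [evidence, ...]}, 'payload_candidates': [...]}."""
    findings = {}
    payloads = []

    def note(signature, evidence):
        findings.setdefault(signature, []).append(evidence)

    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.lower().endswith(PAYLOAD_EXTENSIONS) and not _is_classes_dex(name):
                payloads.append(name)
            elif _is_classes_dex(name):
                data = zf.read(name)
                for needle, signature in DEX_INDICATORS.items():
                    if needle in data:
                        note(signature, f"{name}: {needle.decode()}")
            elif name == "AndroidManifest.xml":
                data = zf.read(name)
                for perm, signature in MANIFEST_PERMISSIONS.items():
                    # Assumption: the string pool is UTF-8 or UTF-16LE; check both.
                    if perm.encode("utf-8") in data or perm.encode("utf-16-le") in data:
                        note(signature, f"manifest: {perm}")
    if payloads:
        note("Loads dropped Dex/Jar", "embedded payload(s): " + ", ".join(payloads))
    return {"signatures": findings, "payload_candidates": payloads}


def build_constructed_apk():
    """Build a minimal constructed APK-shaped zip (not the real sample) for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml",
                    "android.permission.BIND_ACCESSIBILITY_SERVICE".encode("utf-16-le")
                    + "android.permission.WAKE_LOCK".encode("utf-8"))
        zf.writestr("classes.dex",
                    b"dex\n035\0Ldalvik/system/DexClassLoader;\0getNetworkOperator\0"
                    b"android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS\0")
        zf.writestr("assets/payload.jar", b"PK\x03\x04 constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage_apk(build_constructed_apk())
    for signature, evidence in result["signatures"].items():
        print(signature, "<-", "; ".join(evidence))
```

A hit is corroboration, not proof: string-encrypted or packed samples will show none of these indicators in the outer classes.dex, which is exactly the case the "Loads dropped Dex/Jar" signature points at. Run the same check over the dropped Dex/Jar the sandbox captured, and treat an absence of indicators in the outer APK together with an embedded payload candidate as a reason to look harder, not as a clean result.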