General

  • Target

    fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.bin

  • Size

    3.8MB

  • Sample

    240208-1w3f3adb25

  • MD5

    a8257430863a22831e1d8cdb11631c72

  • SHA1

    0f28ef7b07d8d1e92a9f2b310bf060642a57372b

  • SHA256

    fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f

  • SHA512

    c54c85eda2c08a7a8c07d43e8bccb7a372050937639c78e06cd3518ec9673e22a29f74ba0d25c5d49005ec380ddc82e7aad7db34a6e991e56df75c78369b17d3

  • SSDEEP

    98304:fwRW6/qw8ebq4uKM7uyOBOjzxkRThoHWDxu8WD8X:4l5bq+RUSo8W8

Malware Config

Extracted

Family

hook

C2

http://aubhdva.xyz

http://aubhtri.xyz

http://aunuredvac.xyz

AES_key

Targets

    • Target

      fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f.bin

    • Size

      3.8MB

    • MD5

      a8257430863a22831e1d8cdb11631c72

    • SHA1

      0f28ef7b07d8d1e92a9f2b310bf060642a57372b

    • SHA256

      fa573404d405f5ca3d2502e240cb5181aaf26dc0bf3db4ee4e01909c6c12428f

    • SHA512

      c54c85eda2c08a7a8c07d43e8bccb7a372050937639c78e06cd3518ec9673e22a29f74ba0d25c5d49005ec380ddc82e7aad7db34a6e991e56df75c78369b17d3

    • SSDEEP

      98304:fwRW6/qw8ebq4uKM7uyOBOjzxkRThoHWDxu8WD8X:4l5bq+RUSo8W8

    • Hook

      Hook is Android malware based on Ermac, with RAT capabilities.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Loads dropped Dex/Jar

      Runs an executable file dropped onto the device during analysis.

    • Acquires the wake lock

    • Reads information about the phone's network operator.

    • Requests disabling of battery optimizations (often used to enable hiding in the background).

MITRE ATT&CK Matrix

Tasks