hook | 6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602

Analysis

max time kernel
36s
max time network
152s
platform
android_x86
resource
android-x86-arm-20231215-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
submitted
08-02-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602.apk
Size

1.2MB
MD5

6f3dba242c2264acee7d8628c8401838
SHA1

27f923ef644b588e0bdfa481e76454adafb9136e
SHA256

6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602
SHA512

b60f5059a898ef17fc79321702ea1cc73ac746b4354b09e887f12ab0050c071d7561b513cfc56faf97254032f678b32b216a9e50ace01cc9615d7dd72180d31f
SSDEEP

24576:Vc671ECkx1Mp8dr2m6CbqkZ8Kesb6z4ke+sUMCojIZ5g/5yLg:Cikx1g8df2kZ8oWEdAJZ5g/4g

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dugibanuwewi.bere
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.dugibanuwewi.bere
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dugibanuwewi.bere

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dugibanuwewi.bere

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dugibanuwewi.bere

com.dugibanuwewi.bere
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4245

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
e80f84e36a66cdd2f1ab07103439026d

SHA1
9ae92395dcd81634d911df1a821f336ba6615027

SHA256
b0b85c2138fa1368b73c0cc76fe6b7bc751b9e5d355aa93e8fca287a01c073a9

SHA512
43d2abab5cc15d9fe71ffb33fc26c190b6266e6908b215f2715ea6c9087bb571d0638703f77476af09f0da679f180272e71bf41d73590104f942dad6969be2af

Download Submit
/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
50b6d7f6e67af63bfc69187ff61a67a8

SHA1
fb97d8785a44621ddd4a109578534e612e678c3a

SHA256
2955936e47b3544d31c57afae8126703a352edcc075e54810e661243cb09e3b5

SHA512
88fc81ce345e31d606540277c5c2da1b5a4a64fc9c57351cc756d455b0669dde7862dfcced84e27edba71d6c1557da03cf3acbfc64a476f74e5a50a6d78fcf69

Download Submit
/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
74f6bef3104495d67781686a905dd9d2

SHA1
ca970cae8bb9e31ebc2f3945d3d9af2a3e6bf9e3

SHA256
cf7cf5203f6bb8c14a9c936ca32c4e9bf593fbc9f23d1ae15dc00696938e438d

SHA512
6f82bff3a59d18b8b018ee44eb490c632df45a145e3ba13f92fc1df2e02143085bc445d099c705ebd0918557ec0d2eaed9ceedd6e87705162e7de49671f8577f

Download Submit
/data/data/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
28d7e89252cf8a01814f1a11768bad7d

SHA1
6c2aa360161a98a23aa7c54248c7c72159ff54f5

SHA256
cce84bd48058e4977962bf71b8f4b19653e1fec97b6559274cdb5060a44709ee

SHA512
f0dcd9ccb8a4906a37b59a5d8fd02375f4e40a3a391c49c0457109fce16e14a2cff44693c6e65f2f2153a78381175babc29830bd87cfcad6ab0fc93ae9272c8f

Download Submit