hook | 6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602

Analysis

max time kernel
150s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20231215-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
submitted
08-02-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602.apk
Size

1.2MB
MD5

6f3dba242c2264acee7d8628c8401838
SHA1

27f923ef644b588e0bdfa481e76454adafb9136e
SHA256

6fd741480791e7cdf99881379603ab5a0b3dd840c6298e8e424a37dbcac99602
SHA512

b60f5059a898ef17fc79321702ea1cc73ac746b4354b09e887f12ab0050c071d7561b513cfc56faf97254032f678b32b216a9e50ace01cc9615d7dd72180d31f
SSDEEP

24576:Vc671ECkx1Mp8dr2m6CbqkZ8Kesb6z4ke+sUMCojIZ5g/5yLg:Cikx1g8df2kZ8oWEdAJZ5g/4g

Score

10^/10

hook infostealer rat stealth trojan

Malware Config

Extracted

Family

hook

http://192.168.42.132:3434

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.dugibanuwewi.bere
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.dugibanuwewi.bere
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.dugibanuwewi.bere

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4609	com.dugibanuwewi.bere

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.dugibanuwewi.bere

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.dugibanuwewi.bere

com.dugibanuwewi.bere
1⤵
- Makes use of the framework's Accessibility service
- Removes its main activity from the application launcher
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4609

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.dugibanuwewi.bere/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
7be29dde360a88ae330967271fb8931e

SHA1
6a6ddd694bbf36a8de9a31bf17eaf8f48778844c

SHA256
ddfd4fb83e1a2a22a5998aab37af7e3a9aaf824c2d6220ea66c3a09b91f3ff4e

SHA512
83c6d4cd8474b9f3f99e536155d624a27ede781e17f2bcaf0f9ebf0b3eed87e442ba496fb713dae76b1c9b9c6afcb1c15a5b8060801a582cd6bc0b2eb87fe17d

Download Submit
/data/user/0/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
3efeaf94cc5d034eab346435feee3807

SHA1
b2d077a74ec18a651048309afcddb3abe478d505

SHA256
946a824d7448fe0cbf624f1ea49fde4fc4a35a2d8969a55cc5d449000ce383ab

SHA512
6010a1ac6eaeb12b6bfddf610bde03989c9d8c0129f9db156cbe267f461b96525807d014e7c44f4643290f5997636bd973ba51d0a34184c031bd473f9b2c6042

Download Submit
/data/user/0/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
227f04bf21a45b7c69612c08ac5b50c4

SHA1
e5789b93b2021bcef893d510d4c2adb5b16cec16

SHA256
55b1061cc318a45b2da3157ece7983e19381d0b11181b19e0da76fdf6505265a

SHA512
e84bfb7271ff368c37f35c4226fa21e8f7a354e3b868c7cbe2a761dbd2c2264d00dc7cf775625619a6cdb214892b62c9155987a51e8c12cfaacad87133ebb480

Download Submit
/data/user/0/com.dugibanuwewi.bere/no_backup/androidx.work.workdb-wal

Filesize
156KB

MD5
12e5dbb4dda680362166ccca7cc7d84d

SHA1
5e6df8bbd2818c965d0db04a4c274d56617e91e0

SHA256
dcf4795ab40cc1750a98bfe66e12897c38174b7ed68d32999610809a2b26523c

SHA512
067391325c088185e8ecc22a8fbd64b36362f7bcc68c7bcdbf9c5c2aa5b2b4f1381879bf910104b010ad7dac36e3f15f9ec3ef2b815597149f42a30672a52f0c

Download Submit