Overview

overview

10

Static

static

10

2bd1641352...6b.apk

android-9-x86

10

2bd1641352...6b.apk

android-10-x64

10

2bd1641352...6b.apk

android-11-x64

10

Analysis

  • max time kernel
    54s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20231215-enlocale:en-usos:android-9-x86system
  • submitted
    09-02-2024 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b.apk

  • Size

    1.2MB

  • MD5

    ad5e53c3c1a9d830e4d5074a23b1ca7f

  • SHA1

    138458bc2cf96c813f2ff108d8ceb2a9cbc18e3b

  • SHA256

    2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b

  • SHA512

    cf1abb7b240258b0c54f84c56d491cfec68fd75152dad4821b162ec04f4fb2d590beb1f9833c4f5327e7bb8e0763b38116282d068a6fe917c7ce64b57cdfa8ba

  • SSDEEP

    24576:xj6ShpuJkeC0iOSqUPY25MA6K8aFU8RcGikBkwG4ugoCQpgS9ZL:jpu3qOVUHMA/8aFU6cd3QQpgSv

Score
10/10
hookinfostealerratstealthtrojan

Malware Config

Extracted

Family

hook

C2

93.123.39.235:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 1 IoCs
    stealthtrojan
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4221

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    75a57d00fad5627dcc334d1ce84ef71a

    SHA1

    dadf271df285d825f032f659ca761b75218fedcf

    SHA256

    50204fb92dc225cda23aaae3725e7ddb82f9b80f32988841e0de70252943dfcd

    SHA512

    58439601db702b596429843bc8ea9d852ee8449012ce576c1792c5e6956a8170b9164da42e110d199c69d4bff98907f1905baf8f90034a20624f68f61d450b8c

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    08fb51993014a69631b20d83e03e6c07

    SHA1

    ad4f4b9803a4ee5cc45898cdc9650f513d0128f5

    SHA256

    c9362ea51dbad0a9064213f65669b4c3e78a05e9a6bd67948d6d9e58a9b0d65a

    SHA512

    58fe8800abb2519fc2007cac51686bdf767ef1ca9e7fe5196145de3ae79ded9462db0db8f1b66dca824290e04d37a62f37967b8905927a4082b0f8f746c55fc6

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    9c00f21f4113aa5db314346c5c467075

    SHA1

    943817b8c2f4a691791e439f47edbc239d0c5278

    SHA256

    d2106a93901aa93cf194234c9f4fda17c384a338ece7514bf6a034105a05570c

    SHA512

    bfda0259b268ec4f29e3107d0c7fcbbd5f7e7ca4332f221d29e755a0528d6727eb9faa77b8fce0c457074308a9419a6788d2ca686682964635e3d178686ff731

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    99ced6ff15863cbe4e0dd1da186ac363

    SHA1

    8614bf87841d293f350c5b4a90497da374bcbbe4

    SHA256

    80f475593cbbd3f18e3ccfe04d4f404cf022200fb42742956720b4aa2c47a741

    SHA512

    4c186d08f0c723794a05f440a296a51c97a92ef6311f9398976cedd0da807df6847df8641bdc1b723e2e4f0ef85bf6ba30bcbc52ac64de32e095caefd63ea543

    Download Submit