hook | 2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b

Analysis

max time kernel
30s
max time network
147s
platform
android_x64
resource
android-x64-20231215-en
resource tags

androidarch:x64arch:x86image:android-x64-20231215-enlocale:en-usos:android-10-x64system
submitted
09-02-2024 08:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b.apk
Size

1.2MB
MD5

ad5e53c3c1a9d830e4d5074a23b1ca7f
SHA1

138458bc2cf96c813f2ff108d8ceb2a9cbc18e3b
SHA256

2bd1641352c96b21dfa61088b708c907dd6b57e5ba919b6bb3a7c6bf649dc66b
SHA512

cf1abb7b240258b0c54f84c56d491cfec68fd75152dad4821b162ec04f4fb2d590beb1f9833c4f5327e7bb8e0763b38116282d068a6fe917c7ce64b57cdfa8ba
SSDEEP

24576:xj6ShpuJkeC0iOSqUPY25MA6K8aFU8RcGikBkwG4ugoCQpgS9ZL:jpu3qOVUHMA/8aFU6cd3QQpgSv

Score

10^/10

hook infostealer rat trojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4990

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ff1618dd4b8637520c88bfd0a41a82f3

SHA1
16d6d4eb4aca9069f1651d7258dc93e0c813e962

SHA256
dd450806a357c16efea4306497893d37b0b88b85ea9d26f1445ead3f16c5e00f

SHA512
32aee7b279f6d68942d1b777396f5206a1826758300cce97c8b8ca99ee259a5868575d3df72c23406b9b2806d5d3580fe2b95105e3fe4987dc4045f81c3ff168

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
97ce7673c541057a7c3c990295e90e70

SHA1
390299d3b09e27b9a2a3fe12ac1647fff9b08aa2

SHA256
03fa01e0f4849947f49f3522291e1e7fc6e4ee6e34ad3681c4b3723461d9a2b3

SHA512
a138624ca9ed42340bf9a7e1f6f44ab369b98cbb3f23df4c80c6224eaee8abf8c335aca96808a5c053f150717434ca86dda6f32b2c5f2ed5dd07b2d1b33a8f7b

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
7d10bce579276042867c5298954036b8

SHA1
c15f7b9785df906a56b77944f524ef2bee7d2780

SHA256
db3bc657ca67c6ebc74c5211f0790c1b400a4d07f107f6b467b823a48635cc53

SHA512
4b24820fd319300a1b5e8cfed02b7730a8e370b280128213c55e438d70c1111c09a42640564af7b0d3c62e2e7ed268efb33119f774cb522e2e0e5b7133f7eb85

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
b04726c44f61d973ee488f0e5ac9706e

SHA1
a03b53158234fda73cf249c1d175adf047edde33

SHA256
9a8e163e903ad4faee301fd04345b3b841fd26246d761e716f1e7847b84e47e5

SHA512
327aa0181457a9d5fed25463bbb7df32a0723dc1009efa3c3489b62a423d42fd325cbe13e5b7e847fa7c4fef3016a95ae944cc88d9db4ecd3026e2c1f7116497

Download Submit