Overview

overview

10

Static

static

10

b362840bd0...f2.apk

android-9-x86

10

b362840bd0...f2.apk

android-10-x64

1

b362840bd0...f2.apk

android-11-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    167s
  • platform
    android_x64
  • resource
    android-x64-arm64-20231215-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231215-enlocale:en-usos:android-11-x64system
  • submitted
    09-02-2024 08:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b362840bd046d1bd4632ce0cc5409feea4ef868f1f8f3ef1d6cb726a44b280f2.apk

  • Size

    1.1MB

  • MD5

    ee65a8788025a0cbda72696c330bf315

  • SHA1

    8cd6f2398e3ac34a3ae30d4cbfe56385b10987a2

  • SHA256

    b362840bd046d1bd4632ce0cc5409feea4ef868f1f8f3ef1d6cb726a44b280f2

  • SHA512

    b570ea1b0ca3a1252e2601532022639efa6efa1ada8885413ef933defaee73ce1cd44651a7fc6ec7086fdbcee47ae566d5e045dbbfef4312351bb015bf6a0f8c

  • SSDEEP

    24576:MJwCWpW6tMjahNNIDQpK7GFbwjojyGE2g/hVT2:MJwjtMjahNRlwjXd2g/32

Score
10/10
hookbankerinfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://93.123.39.235:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 IoCs
    banker
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    8928d7575575f083dcf6150426a71dd8

    SHA1

    e11b8b31fa4f7606333a6a2a90b7f13c9495145c

    SHA256

    0fdffbe83003c0bbf568f3d9d003d16e6a12659ffb46dff741f2eadccaacb962

    SHA512

    18c8545acdaf747557fb571b32246c35d1617437f6eb5267191ef220414bc320b671c9dab4b41f3ce22422615db5c9e394a485c8ea920733f766a620f7a20fa6

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    990c8f0b75a3edc20bcd473725d403f4

    SHA1

    bd7cc54271eb8e3f7c28cd4888fc653506a27ada

    SHA256

    c704de651c52d1c907b9bf7e5db41e8ba3e5c0d2ebfbcae5e86eccb3607f575b

    SHA512

    5982e1d28181a54f4523ef474e7ee3bed0b0e6076d33db68c9e79cd20f23263cf686979d7fb6a69fe04e97cfb5403a509ce83d6f552db5b194c83d236d38749b

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    1c8e25168290cc3abafcaacc2051b245

    SHA1

    e889441aacf32480b807597d5eefa709f56259d3

    SHA256

    b9dee8ebc1db5ad56372e983dbb712355ebbf526e6003e91d3be465c72bf1463

    SHA512

    087d7b10be0e98b73dd71117b5388c163d9486096c8d30e8b36270cca9a7a4a9b78ee64ced1e959ba481283ded2f192b90bdf486f6a1956307661b6d3d4fb2c7

    Download Submit