Analysis

  • max time kernel
    45s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20231215-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20231215-en, locale:en-us, os:android-9-x86, system
  • submitted
    20-02-2024 14:40

General

  • Target

    app-release-2.apk

  • Size

    1.1MB

  • MD5

    7c29721ae5193bfd4441b1761d584411

  • SHA1

    acaea84348eda0df39bb908859627cebb3e22a48

  • SHA256

    80fb4a2bfab1f0675eae40210a899a30987241cbb2b9497eb753668f433682b3

  • SHA512

    0d7dfa4be7596e0ad174f27d79193b008608735ca92dfaf1d06abc74a18a00c3837f19a5623fa0cf122b853eaeade72d0d8fa2d0e3f98b4db01585a88a6088bb

  • SSDEEP

    24576:x+iQHis9qSTp73z5HbjJe0HIbTzB0TlOk/ojy3fg/s4wJ:x+iai+q+xz1Y0HI3zBIJ/X3fg/iJ

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android banking trojan built on the Ermac code base and extended with RAT capabilities (remote screen control and interaction via the Accessibility service).

  • Makes use of the framework's Accessibility service 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Removes its main activity from the application launcher 2 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator.
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
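Most of the signatures above (Accessibility service, wake lock, battery-optimization exemption, phone-state access) leave a static footprint in the APK's manifest, so a decoded manifest can be triaged before running the sample. The script below is an added example, not part of the sandbox report or the sample's code: it parses an apktool-style decoded AndroidManifest.xml and reports which of the flagged behaviours the manifest supports. The two manifests embedded in it are constructed for illustration (only the package name is taken from the report); the function names are the example's own.

```python
"""Static manifest triage for the behaviours flagged in the sandbox report.

Added example; the manifests below are constructed and are NOT the real
manifest of app-release-2.apk. Only the package name comes from the report.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

def _a(attr):
    """Fully-qualified android: attribute name for ElementTree lookups."""
    return "{%s}%s" % (ANDROID_NS, attr)

# Constructed manifest resembling what a Hook-style dropper might declare.
SUSPICIOUS_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.bofevacotexi.jepula">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
    <application android:label="app">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <service android:name=".A11yService"
                 android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed benign manifest used as a control.
BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="notes">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
    </application>
</manifest>
"""

# Report signature -> static check (permission name, or None for a service check).
PERMISSION_CHECKS = {
    "Acquires the wake lock": "android.permission.WAKE_LOCK",
    "Requests disabling of battery optimizations":
        "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS",
    "Reads information about phone network operator": "android.permission.READ_PHONE_STATE",
}

def triage_manifest(xml_text):
    """Return a dict of static findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(_a("name")) for e in root.iter("uses-permission")}
    findings = {"package": root.get("package"), "matched": []}

    # An accessibility service is declared by binding with this permission.
    has_a11y = any(
        s.get(_a("permission")) == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    if has_a11y:
        findings["matched"].append("Makes use of the framework's Accessibility service")

    for signature, perm in PERMISSION_CHECKS.items():
        if perm in perms:
            findings["matched"].append(signature)

    # Launcher activities are listed so the analyst can verify at runtime whether
    # the sample disables them (hiding its icon); the manifest alone cannot show that.
    launcher = []
    for act in root.iter("activity"):
        for f in act.iter("intent-filter"):
            cats = {c.get(_a("name")) for c in f.iter("category")}
            if "android.intent.category.LAUNCHER" in cats:
                launcher.append(act.get(_a("name")))
    findings["launcher_activities"] = launcher
    return findings

if __name__ == "__main__":
    for name, m in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage_manifest(m))
```

Declaring an accessibility service or holding WAKE_LOCK is legitimate on its own; it is the combination of the flagged behaviours in a freshly installed, unbranded package that matters. The launcher-hiding signature is a runtime action (the app disables its own activity component after first launch), so confirm it on the device with `adb shell dumpsys package com.bofevacotexi.jepula` and look for the activity under the disabled components rather than expecting a manifest artefact.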

Processes

  • com.bofevacotexi.jepula
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4249

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.bofevacotexi.jepula/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.bofevacotexi.jepula/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    efd8b56720f745c83af7d8e3ea26a3ce

    SHA1

    426d171c732c1ba472323d1a4a39b25e93acc44c

    SHA256

    923a4d9031e19ecc5c4f25d01a5ed1f8a1c5a361392798353e738627c71e4427

    SHA512

    ba7d6c90e677fdbfd4acc7d712c2b2de607ac457bee5f586680d87674439e6ebe0ff0b830bc0fc057ae4ee567f5b43f8c5c1b69db1c8e9f861c8549080a32760

  • /data/data/com.bofevacotexi.jepula/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    d73fa0f1ea51e9e347d27c1cd1f891a3

    SHA1

    e590dd5e8972c0b374a55ac47be5e238f0b9f8ae

    SHA256

    739888e9b6e9f8077b6a99f3efaae3df84b15d56eee6991532f41a29e62edbba

    SHA512

    5435cc6944eb481159817520643737c7d1e8131ef19668a30c7037d7c3b52888059388ceb4ec55757457ad1f1e59b734fed6b9e145bcbf5e50bd0e49b1a23e55