Analysis
-
max time kernel
150s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
-
submitted
24-02-2024 10:09
General
-
Target
7c7e4213746a2816953fc46ce73e69a1b38ded44263a810a4eaedde8511800a2.apk
-
Size
1.1MB
-
MD5
a9cb55488b48219352f8c0eb7b5c3b72
-
SHA1
5bd952beda27c8c16d88a3ac5e55a1ff9f1e67ef
-
SHA256
7c7e4213746a2816953fc46ce73e69a1b38ded44263a810a4eaedde8511800a2
-
SHA512
9fb71720a0a6322e2d86fa349cb9c5dcdc78fe2e2f93601d403bf4ea1b87488d0b8006e3b0dd5cf29d08d6f525f919e9fa47e13c7bb9cd54b48fab8622f6e246
-
SSDEEP
24576:f0AVatewyf+fWGsGzGYPz2LXR5yPkoMOgSYv:M+j2fWGPXyDD2TgSE
Malware Config
Extracted
hook
http://93.123.39.169
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.tencent.mm1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD55eab189841c3f284ad0cef28e5ec72aa
SHA13d6b73a84b428728e1d0d50a68f872308d63e976
SHA256f6d522c48f0605622e5ca34d5c2fcc780851b005ffd0a0d009c902545a8cebe6
SHA5121aabf8d2fb42fdb4fb00645711990f6746c461184b86b3901c4e40b92cea228203ea70d0ae2d9f61ecd0d78c86f04614e1ebe77842f03e2cefbe767c373b9cb3
-
Filesize
16KB
MD549b8b262653f99a74f11d0081042c15c
SHA1c2fd703338120824caa3699bf1ad0e6e8c485976
SHA256786b4a497ab070b4a0bd7ee1bb607fc17e98e0bdd33c126819b3148e8a590452
SHA5129bd048910c4b12cc5f8d97583e2e55a2a9a7f2ff346a3f4d3169b2ae33fa4e9c6dc329e1e4d06ef3b9e0e6ec6a761a4597b34962a87a447715f1917a9618fec1
-
Filesize
108KB
MD5b97eddcb3a7ccd844cb82139b585c1c2
SHA11a71672cdd6739adaf72e5de3fa6608d309b2b65
SHA25683b5649dd04279fd3c4cd2be631852822898a34f3ce93d2171e813479eeade28
SHA5125ffb0b26eec20999e32f35b0f3b122d7f412b7d273bb07fbb330fd0b2ae56bf8b8a667843e093bd2d3af4d6b4fd7ae3926edd3ce6ad51ad508d7e501ed306cf3
-
Filesize
148KB
MD56ceff0b609c1848aa616166ca350ada5
SHA1d47222610667c148f81a306610012ffedeade1b2
SHA2565efeed9b8cc451b70a4cdbe6f693a5853593cc4c5be3d90ba293b9b24a53ff68
SHA512641b1a75720cdb4e8c3bf12791d5ff82822684ae22a1a2b450ce1c32a3b087fe296c0b5e809b23d398e9ff8097e22720d2cfe0a494653e3168c88c1b1ad0d432