hook | 7c7e4213746a2816953fc46ce73e69a1b38ded44263a810a4eaedde8511800a2

Analysis

max time kernel
149s
max time network
157s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
24-02-2024 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c7e4213746a2816953fc46ce73e69a1b38ded44263a810a4eaedde8511800a2.apk
Size

1.1MB
MD5

a9cb55488b48219352f8c0eb7b5c3b72
SHA1

5bd952beda27c8c16d88a3ac5e55a1ff9f1e67ef
SHA256

7c7e4213746a2816953fc46ce73e69a1b38ded44263a810a4eaedde8511800a2
SHA512

9fb71720a0a6322e2d86fa349cb9c5dcdc78fe2e2f93601d403bf4ea1b87488d0b8006e3b0dd5cf29d08d6f525f919e9fa47e13c7bb9cd54b48fab8622f6e246
SSDEEP

24576:f0AVatewyf+fWGsGzGYPz2LXR5yPkoMOgSYv:M+j2fWGPXyDD2TgSE

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

http://93.123.39.169

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.tencent.mm

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4457

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
8a4014ea3b6498ff35020dcdfce211a3

SHA1
4596e8bd07d431eea0c786802114429e2167e642

SHA256
4064978c196a147f7bc8fcb61553e84ba665318cf63e20626623b497a8aa7869

SHA512
9dd63b94cf8f283d3a6b92388e6d50ad68a47f9e94215fab526446f88c0428f3726082e4d78aec99fe3028ddd470a873ae8113c0665a6d890994be46b57ceecb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
ce116daa4193ed913d814a4026ed4804

SHA1
89e43c1b01d55da68a2258c634b18485da3282b5

SHA256
7f1f079f6f2316572239a25b4b3a98bd7458780ab62be2b1cce12bc4f4d59bac

SHA512
4a6ebf26ffe079d313b86dbd272773e413fec828a772f8fe9353f3edd69d48986a123c229efabf7843f79a00c5731038642f7484dea52f25743c5b83e7d41505

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
40KB

MD5
0bd072fa5f6842dc76a1762164a11f4f

SHA1
3d48a21171e279da437c55ba1d99339fcd42c85a

SHA256
83a7c3531e9ce6c366a33ac4638ed6d1015803875f6672d34b537db9d81aacff

SHA512
8a663a1d9a993a0ad501e6fc1ade4ea47a53dd65e917cb5f3c199d9ea94f8ba8da48632c60bf4e18c3835fd13de3f2a595e8083ca52e9c6c29a776069eeeeb0c

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads