Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
  • submitted
    05-03-2024 22:07

General

  • Target

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk

  • Size

    2.8MB

  • MD5

    db6463dca0973bb704ac9fce68a1dd23

  • SHA1

    c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e

  • SHA256

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

  • SHA512

    bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8

  • SSDEEP

    49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Malware Config

Extracted

Family

hook

C2

%INSERT_URL_HERE%

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Reads information about phone network operator (1 TTP)

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    PID:4263

Network

MITRE ATT&CK Mobile v15


Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    6822064cfb3fd68e65a5b95bc87cf131

    SHA1

    78c15d7d6e704e5917a41fda66e0a10a813d4c70

    SHA256

    b9b4fb83683f21850f4d36ff79b6e757ad87905325c0308d049a88d790e2bf73

    SHA512

    0d27028db12cd03aa9e4f22fa3ac6816fda965efd508627310e6fd32e470cb233cc833e86bfdf1ad0dabbb29c342e215572ac456ea348b8c8ab958476169eb58

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    dd4e482430d9a71901d82ee25c79d0a3

    SHA1

    52994642c78656edf098e50ab433a7ffd7f87ce7

    SHA256

    b30df2847782d5540c11d0ce8bad6305694e20d54d080a08f8e2799ecf2eef65

    SHA512

    b874df67110361f349ba617987eca54807637b4115d940138bc74373d8f62a5e5c8b9ad6be9943e891609a3caa92b8f8828e1f27d9a238bde002a0d5d97b326f

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    916407f75128cee53e616ae7619e3c50

    SHA1

    7abee89d3a3ea9408c99d1fa55425c51c050a92c

    SHA256

    98569e961685956c1ac8730ecbac02b5148a0c28333954906cd99fd2767c1ded

    SHA512

    133b4a9257df9c538aa228ce28f8c8826b685b888fcf9382289331e57334f33b6ec2bdb19604b403556c1838f1b37edc9073396af33e8deb2d2a18aaa1a9b4e2

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    8c5f29eae920d55a03ece4eab3f194d5

    SHA1

    fd2a9d844ed74c85a526c9aba114b0bbb7e34b02

    SHA256

    fcc81cd2efb1ce2840f29065293ad24deeeb49daddc9fa686feaa81b8b976236

    SHA512

    ac03db5a030e6df4fbad93f2a950db04e4beee28bc508c161fb82b46f738036908b1faa82abe90a3ff6ea2d4740bac1ecababb834db63ff8532f70d306f6c2fc