Overview

overview

10

Static

static

10

f9db7aecc5...04.apk

android-9-x86

10

f9db7aecc5...04.apk

android-10-x64

10

f9db7aecc5...04.apk

android-11-x64

10

Analysis

  • max time kernel
    72s
  • max time network
    143s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    05-03-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f9db7aecc5c0a5102fca21c0166cf2b4d00150ff1adb8fbf609c09461dcf8c04.apk

  • Size

    2.8MB

  • MD5

    176c428b54970b3bbfb6931ead77003c

  • SHA1

    6b056ff3c8dc76a62a96231abdf95f8f04b7ba2a

  • SHA256

    f9db7aecc5c0a5102fca21c0166cf2b4d00150ff1adb8fbf609c09461dcf8c04

  • SHA512

    e7ad56235fedfcf92a79cae4755afd9ea158249cb218098bfb3dce82824d37acf34506510fd011babff6266097ebdee4b21fc7f6c8c9a72ebdaed4ae72d2af72

  • SSDEEP

    49152:zYHNjVlWPHYX8248jyBNDlYS9qBVSoAhtSsuhaEdn5PowLbo2msM30knQsPCJ2DW:gtVCu8248j2NDlhqBVSocuhaEdn5PowV

Score
10/10
hookcollectionevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.cixacepufafikabu.golegupa
    1⤵
    • Makes use of the framework's Accessibility service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4571

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    c8b2438008e82910c198af4572ebf0b4

    SHA1

    43b198b278b8f2e14b1fe60c8e4015e44d6b4905

    SHA256

    22b9f59d979c39f19e863cc167439b45d606011a2a61a5f332a5e7cfb3c75af3

    SHA512

    c18ad6de9ccedd23ace255b83038b2a5050a91421c7fc0fa0f7ea2ce238c1eb21fc71a6ecbb15346d65af748073f052d83441f72df655e477a67a998046def7c

    Download Submit

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    54e920e3fae8ced7e3ea469f684164d1

    SHA1

    f525ae6615287900e61aec691a2d2ee682a5b887

    SHA256

    1b61a74ef6e9d9880fc6f7b344a7df525869adbfbec67f76281488bd0c68a1b2

    SHA512

    81a3d79a9a26380ccb89752574f3510a2302109c9a78d9ddec4bf54a3d8245577a6f25a9fca9f54cdd7dc464b8945f8bfd90a1154534b1d5c138d1c5abac748d

    Download Submit

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    7c5d6bc040e3166ea927cad4efd6cfb1

    SHA1

    a02e35579bf0beb31e4bee276e5a2d4edd137a10

    SHA256

    856c2af5e7ab5ea0ad28fe0f07253fdecf9c817e0756aec7bd8c5bb9bab992e8

    SHA512

    a027f58735ec831989f0bb9d63810ccf5edf46df02489ce5cef9d9c73bfbb6b109953bf6445c0f5eee54dea4ddcd991522504f829f8dcb725ee35e0dbe6c4ef9

    Download Submit

  • /data/user/0/com.cixacepufafikabu.golegupa/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    0ef68997a81258ddd3669de02e12dba2

    SHA1

    0854f38b9ab3238ecc3ea376f028d8a15eafcb3f

    SHA256

    177f09136a348ed37a24a3006b17b1443f2c488d613fadcc6cf49baccec854e9

    SHA512

    3943bb1e0a30dd92d280643470f2c27dc84c8880f5c789ebb6de0434027f2ba50531d2e9451c3b34534cb7971d66ac069b6508425928a837d4465ee68069167f

    Download Submit