Analysis
max time kernel: 51s
max time network: 132s
platform: android_x64
resource: android-x64-arm64-20240221-en
resource tags: android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
submitted: 05-03-2024 22:01
Behavioral task behavioral1
Sample: fee9632fb0d203d1e945339015252b8c4f0f326c3094b93ddc14ab7806ad80f1.apk
Resource: android-x86-arm-20240221-en

Behavioral task behavioral2
Sample: fee9632fb0d203d1e945339015252b8c4f0f326c3094b93ddc14ab7806ad80f1.apk
Resource: android-x64-20240221-en

Behavioral task behavioral3
Sample: fee9632fb0d203d1e945339015252b8c4f0f326c3094b93ddc14ab7806ad80f1.apk
Resource: android-x64-arm64-20240221-en
General
Target: fee9632fb0d203d1e945339015252b8c4f0f326c3094b93ddc14ab7806ad80f1.apk
Size: 1.1MB
MD5: 7f3fbd968788cd060ed891149d7019e8
SHA1: 8c06f8c0db215d1b592b8b36581270f6f8b07bc6
SHA256: fee9632fb0d203d1e945339015252b8c4f0f326c3094b93ddc14ab7806ad80f1
SHA512: 2a2c26757f55fc7796d54e59a41432c95959e0d54b4d49c8435f9d75bd21c90466f687af440a38f9a0ced73f5c0a8c0148d32a5d9677cbb2551ec35a94586f2a
SSDEEP: 24576:votkkugX/a0C9GbCJy8MkBUWjXuoE/oJyONg/Pe8TW:AtkkTa0O5UkW/tONg/nW
Malware Config
Extracted
hook
Signatures
Hook
Hook is Android malware derived from Ermac that adds RAT (remote-access) capabilities.
Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
Description | IoC | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.kicozapiruxesati.tasulu
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.kicozapiruxesati.tasulu
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.kicozapiruxesati.tasulu
Requests enabling of the accessibility settings (1 IoC)
Description | IoC | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.kicozapiruxesati.tasulu
Acquires the wake lock (1 IoC)
Description | IoC | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.kicozapiruxesati.tasulu
Reads information about phone network operator (1 TTP)
Uses Crypto APIs (might try to encrypt user data) (1 IoC)
Description | IoC | Process
Framework API call | javax.crypto.Cipher.doFinal | com.kicozapiruxesati.tasulu
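The signature rows above, as an added triage example (this is not tooling from the sandbox or from the report): a small Python script that parses the flattened `description ioc Process` rows exactly as they are printed on this page and applies rules for the Accessibility-service abuse pattern that Hook/Ermac-family bankers rely on, i.e. steering the victim into Settings to enable the malicious service and then harvesting on-screen UI nodes through `IAccessibilityServiceConnection.findAccessibilityNodeInfo*`. The IoC strings and the package name `com.kicozapiruxesati.tasulu` are taken verbatim from the report; the `IocRow` helper, the rule names and the verdict wording are my assumptions.

```python
"""Rule-based triage of Android sandbox IoC rows (added example, not sandbox tooling).

Parses the flattened 'description ioc Process' rows as printed in a sandbox
report and flags the Accessibility-service abuse pattern used by Hook/Ermac-style
bankers: the app opens ACCESSIBILITY_SETTINGS so the victim enables its service,
then reads the screen via IAccessibilityServiceConnection.findAccessibilityNodeInfo*.
"""
import re
from dataclasses import dataclass

# Constructed from the signature rows of this report (IoCs and package name verbatim).
FLATTENED_IOC_ROWS = (
    "description ioc Process "
    "Framework service call android.accessibilityservice.IAccessibilityServiceConnection"
    ".findAccessibilityNodeInfosByText com.kicozapiruxesati.tasulu "
    "Framework service call android.accessibilityservice.IAccessibilityServiceConnection"
    ".findAccessibilityNodeInfosByViewId com.kicozapiruxesati.tasulu "
    "Framework service call android.accessibilityservice.IAccessibilityServiceConnection"
    ".findAccessibilityNodeInfoByAccessibilityId com.kicozapiruxesati.tasulu "
    "Intent action android.settings.ACCESSIBILITY_SETTINGS com.kicozapiruxesati.tasulu "
    "Framework service call android.os.IPowerManager.acquireWakeLock com.kicozapiruxesati.tasulu "
    "Framework API call javax.crypto.Cipher.doFinal com.kicozapiruxesati.tasulu"
)


@dataclass(frozen=True)
class IocRow:  # assumed helper type, not part of the report format
    description: str
    ioc: str
    process: str


def parse_flattened_rows(text):
    """Split a flattened row dump into IocRow objects.

    The description is free text without dots; the IoC (a framework method or
    intent action) and the process (an Android package name) are the only dotted
    tokens, so the first dotted token closes a row and the next token is its process.
    """
    tokens = text.split()
    if tokens[:3] == ["description", "ioc", "Process"]:
        tokens = tokens[3:]
    rows, desc, i = [], [], 0
    while i < len(tokens):
        tok = tokens[i]
        if "." in tok:
            if i + 1 >= len(tokens):
                raise ValueError(f"IoC {tok!r} has no process column")
            rows.append(IocRow(" ".join(desc), tok, tokens[i + 1]))
            desc, i = [], i + 2
        else:
            desc.append(tok)
            i += 1
    return rows


# Rules (assumed names); the IoC strings are the ones the report lists.
ACCESSIBILITY_READ = re.compile(
    r"^android\.accessibilityservice\.IAccessibilityServiceConnection\."
    r"findAccessibilityNodeInfos?By"
)
ACCESSIBILITY_SETTINGS = "android.settings.ACCESSIBILITY_SETTINGS"
WAKE_LOCK = "android.os.IPowerManager.acquireWakeLock"
CIPHER = re.compile(r"^javax\.crypto\.Cipher\.")


def triage(rows):
    """Group IoCs per process and return {process: {"findings": [...], "verdict": str}}."""
    by_proc = {}
    for r in rows:
        by_proc.setdefault(r.process, set()).add(r.ioc)
    report = {}
    for proc, iocs in by_proc.items():
        findings = []
        reads = sorted(i for i in iocs if ACCESSIBILITY_READ.match(i))
        if reads:
            findings.append(f"reads on-screen UI nodes via AccessibilityService ({len(reads)} calls)")
        if ACCESSIBILITY_SETTINGS in iocs:
            findings.append("opens ACCESSIBILITY_SETTINGS to get its service enabled")
        if WAKE_LOCK in iocs:
            findings.append("holds a wake lock (keeps the device awake for background activity)")
        if any(CIPHER.match(i) for i in iocs):
            findings.append("calls javax.crypto.Cipher (encrypted C2 traffic or encrypted data)")
        # The verdict keys on the combination, not on any single call: many benign
        # apps do one of the two, bankers/RATs do both.
        if reads and ACCESSIBILITY_SETTINGS in iocs:
            verdict = "accessibility-abuse (banker/RAT pattern)"
        elif reads or ACCESSIBILITY_SETTINGS in iocs:
            verdict = "suspicious: review accessibility usage"
        else:
            verdict = "no accessibility-abuse indicators"
        report[proc] = {"findings": findings, "verdict": verdict}
    return report


if __name__ == "__main__":
    for proc, result in triage(parse_flattened_rows(FLATTENED_IOC_ROWS)).items():
        print(proc, "->", result["verdict"])
        for f in result["findings"]:
            print("  -", f)
```

Run against the rows above, the single process `com.kicozapiruxesati.tasulu` collects all four findings and the verdict is the banker/RAT pattern; a process that only shows `javax.crypto.Cipher.doFinal` gets no accessibility verdict, which is the point of keying on the combination rather than on any one framework call.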
Processes
Network
MITRE ATT&CK Mobile v15
Downloads
Filesize: 4KB
MD5: 7e858c4054eb00fcddc653a04e5cd1c6
SHA1: 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256: 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512: d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Filesize: 512B
MD5: b3c474ee053d2e3ddfc6db9fbe44c797
SHA1: 853c058514ccee81c8de065029b6f13b9fbb8f2b
SHA256: 7f9e54dfe802807bda62bc6953300b2665863ed9fc8f73666531a791d6e3048e
SHA512: b86a4b7016c85f0e6ac9569c3fe7a1fcdbbed20a35a0339e79556a2499309c8da61182e6d418d696a83709e66de402749e161c633a8abd6cd0236f0791299bcb

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 16KB
MD5: 0359023683365be11cc2f5abe5624b79
SHA1: 26f65515877934ce34b61b39c45e0ae7dadbda02
SHA256: c7d0fa89bc58b72348b04fd14f223e36ec6af829a98489f183025efeaf280a44
SHA512: 12cd42913ee462977d039f0c635f07b46486b06d335c51d31dec784ee94568c38965c27b5338fb2f76e7c0338ae9b8ce38b51cb50125bf8f980343acd4c07e72

Filesize: 108KB
MD5: 04f9662163b7a2014fbb2328a1a0f048
SHA1: 1976e1e673e234d3f400c6818f353ed56ce81293
SHA256: 02377dc9c7f4b7037151b96b92e944e3d0c1e29410bcb912298e87b3e2a7be77
SHA512: 0de66d1d6605fae8d99308bdbce95d53d77da6872211e31fede75e2e24a14b3a7c8b6bff0c4ee385b733a10290522eb304adf219eb1fe0d2293d4f31786f1661

Filesize: 173KB
MD5: 332e4d1a807f6a720c9a30b3b09a9353
SHA1: 5d2fdcdd4e24f3f1d1113dada641ba59f535cdee
SHA256: 20ce7e795d889014366896fab7a6d21a7b3e531d606f6c04cf79a2987d6a015d
SHA512: c49bc3cac086d5cea281f73705c41e630336d0b8bf35859eea05b87081d3d7e16e1c2e8d27dfb248f98f68b64c727e79e8d8b30ca838c67bc5adb31ea0597cc8