Overview

overview

10

Static

static

10

3c21e47c04...a1.apk

android-9-x86

10

3c21e47c04...a1.apk

android-10-x64

10

3c21e47c04...a1.apk

android-11-x64

10

Analysis

  • max time kernel
    55s
  • max time network
    154s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    05-03-2024 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c21e47c0430495ca819255c0bfde2d30d1e121dc09d174f3bf4d5797929f2a1.apk

  • Size

    1.1MB

  • MD5

    397d193739f87a3c4ed4a5fb9cf8f43a

  • SHA1

    e30b5f0a984dc3200e55db689ed5defed5efaad3

  • SHA256

    3c21e47c0430495ca819255c0bfde2d30d1e121dc09d174f3bf4d5797929f2a1

  • SHA512

    58a1ad4e3ebd5cf7dbc82ddb6ec9acf00a25a62ee620c480e9ec4d329edbba0df3ad78d80b4eb11687687611ef55a522ac1dfe131a9667e841e97f72e92017a5

  • SSDEEP

    24576:a6NKl7FvoGo1DMRaeq2lfnXTB2I3hmW3+NUr1ojXmhP07aUdg/bMpk:a6UD+DMR0iJhL+Ii2hPXUdg/0k

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.google.bg
    1⤵
    • Makes use of the framework's Accessibility service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4324

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.google.bg/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.google.bg/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    b65d094736c18ac879a3e91884a951d7

    SHA1

    5ec22804157171556443587d0af92ed02403d6b2

    SHA256

    49f1891911dc1498e705516ee9ccb02e6609dfe6b18147e6756349d33c0383eb

    SHA512

    27872449b591b98d2272c2cd763d31298dcc18a1deed8a0f61480348c14f82ac2382fb513a7bdf8b0a0261c3377b02a00112e067f8fc3a4c00b76721a0cc327f

    Download Submit

  • /data/data/com.google.bg/no_backup/androidx.work.workdb-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.google.bg/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    0f8f422f41b892e4d97ccc76731b37e2

    SHA1

    986405612ba088e1d6ef6f37a81ac4df39964fda

    SHA256

    0dd996f573acb14c25e8bf12ecb052127a0d6aab18ef84ea78a4b6ae90008bee

    SHA512

    c0529be6d7418607830a1d8c6cccf25d70bf3e0677435a6a66be8454d28d13299e6f8a51226edda4d25cd86b70223e092919b42dfb5215d22bcc663e054dd7b3

    Download Submit

  • /data/data/com.google.bg/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    f9b95e604479840ee5306f373cc29562

    SHA1

    f57db103d65528f6f59826ee6c27489db7410307

    SHA256

    3a1a33302726c8f29ba69906c858c2585f80cbf41a96eaa2aa642cbe48afb7bb

    SHA512

    97f87423bb9385905dfa2ed49cbec606d81bb8a3b8919ae06361eb510298b91c03626f75abcd355664ff9eb277e112a17fe417cb59bc9e12d3ec2d321865b843

    Download Submit

  • /data/data/com.google.bg/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    e823b4ab60951badc441a4731390e9da

    SHA1

    af981f4cd1cb1677b60f2a8dfe250e8e4ff3cba9

    SHA256

    c3453897edb0b9660f5d151f4516eaf916e753ff95105aaff6a86705a892a397

    SHA512

    e00f6efcb4a72116a778bdd9a3353140d39c260a740d7d75ef7d3c1a8c7e0f9b47f808aa5d8533393fcbd733c9a685e2a03c9a85a45400250b4407e20062587b

    Download Submit