hook | 3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

Analysis

max time kernel
148s
max time network
160s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
07-03-2024 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk
Size

2.8MB
MD5

db6463dca0973bb704ac9fce68a1dd23
SHA1

c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e
SHA256

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453
SHA512

bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8
SSDEEP

49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:4430

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
6bd391c4dfc06bda9fa1453ce6729e28

SHA1
716b1ea8975af70d93589a1463ab8d4069abdabf

SHA256
9fb246127630f84e7bc11c7397ac211db4e5894557739a00267dffa8871a1bdf

SHA512
b4ef6c2ad2acf1ede3b39ea5fc9ff0d4b6dd3f78eb610ccf72dddc9ca93debddf8ae1d8d7f62483cbd2ebfcd2d5828c3bbdbd3cbed35ada32ba19b1811a13a37

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
76648af82f0923faa0c1c038a754aef1

SHA1
64d69199936b86270615b4d99a83fe650b5ec7d7

SHA256
e684b68fa6446d90fffc5d8fdefd0c6040751974d46e6a42cb342fc4b12fea9d

SHA512
0632c57bf5af9a139345cb1eb14dfc3128092898025b58e2bf15ced992c5059f4299256f79d1a8524f166bba072e9bdeb04a06abcc5ead86c24ffda35987db97

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
372e72d147fc6a8153c1b129b1c49c9c

SHA1
5428fc85cbc2e1e3ee334608c6d77c46149370e6

SHA256
ae1a1b14bbe0a3ab0234209009a6a1730903be7379c438e084ed0e85dc139976

SHA512
2919e3e36866faec4c790308461430c6749ca6b2604074ffc324ad1fd46f365765f2d59bc8198d48cfb62eb3d6bb78bd316cd06f4e4eacb3fbd99b3f848b05dd

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
34b702c56aed054bfa659b1514e312b6

SHA1
a8883d56ef7552e1db1e623dcb933b8d249cbe28

SHA256
d6f150e6ee27eee87eb13d60a369ea835e843a41ecd7516b0cae8cd15f4597ca

SHA512
34921c5de7cf6c5dd597fa475d07b2d6f39179dbf54621fe52f8be0211656cccd9c3f7db43c9f519a721dab14f4bb3db8dd8143e70bceb91ccdba574a012df62

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads