hook | 8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52

Analysis

max time kernel
153s
max time network
146s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
07-03-2024 10:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52.apk
Size

1.1MB
MD5

f6c6e7b69ba6026646d229757a7c0dcd
SHA1

af240d54bc5c9f31646da0a220e0679b0acb194e
SHA256

8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52
SHA512

b0220f3171cda248a3306547c58fb52323467553cca7290e1c3ccb78855b4244b1c45576508f42f86c76c1352dbf5148156aa62251320d07e6bb7346cbe2c2dd
SSDEEP

24576:NUlxsCIH/aelw2APkxE5ecT6AEVj3nIg/SsDl:NmxsfaAx+kMCBnIg/1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:5043

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
c3355fa18e48f8aab71887990dae3bd8

SHA1
bc6f0d190c4b0f0d35ec9577814d686c9722fb1b

SHA256
aa08c8ae2e4db2ef553b45087dcd740c1f89ab17ab9d4de41d4a6357de859188

SHA512
77328763cf49d5be907365c5d6ec97cf15458e0837eb91f2d5e2e861e9cd19141c4652ef959cff613e9be7501af6e56ed5ffc08d9cb73344fd22a3a33cdca79c

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
59bc8d6349f201344e844632d26dc26e

SHA1
bd3581b28556ed6e5bc85678851be5b4c5280aaa

SHA256
052618293946534a56ec68c77cf95898114d13a5199dda8282958f3fbf36fe87

SHA512
e3ec502375a3b74f58fbacb103de952b727719db65a6b36aa545ac78a4d0ba35388f5d7dea5def95b183aa183d853daf931d791c585aa4e1545c1240fe6e5ba8

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
743c45a36f0bd8001d57ce3d384b18d3

SHA1
e376799d8c5f441586b3738778fa3f95601ebfa0

SHA256
4a67ad2be613886903007692ecfce58d006f97c7aba9608165903ca5c5c25a7e

SHA512
0d4c8906347ad9f9400405bfecbc28ef3424c8cb4d4c84e9385efa59cdeb810ff0392bc6508d033b279569683d7ccb899353d16f3f6ba765c95dc6f0178ba13b

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
d1e7aa9b5e949b847041c9fc81f3d830

SHA1
d58ad165ca46206eaa6679dbf870233902889870

SHA256
0f6bce5f802d2f02990d053b23cb53cfea2984c9d7f165cbcc847a1ff58d47e6

SHA512
b6ffd15ff553a7d8049a7b4b2b6d39a335dbd4f58b79b447efd68d4d3567515e6503b780b1e02ba9b83ed6691a69fff4a94f3c55a9ebc8aed48d2ae481d08c41

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads