Overview

overview

10

Static

static

10

0121588ca4...2f.apk

android-9-x86

10

0121588ca4...2f.apk

android-10-x64

10

0121588ca4...2f.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    07-03-2024 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk

  • Size

    3.3MB

  • MD5

    8d958576257733bd78fe81f84e768ed1

  • SHA1

    cd19e464b30b42d80a532cd994828696dc5f7b9b

  • SHA256

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f

  • SHA512

    9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683

  • SSDEEP

    98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://77.246.108.116:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4191

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    eff864e88bafaee43abd849b09aa4e6b

    SHA1

    e649e01889fa83fa52dd869cd38402714bd2d330

    SHA256

    fecb49d4ea464cf6b2556be2f59f83744d67b661bb10b32077c9433637480d37

    SHA512

    0af03468928accaedeffdbb8b35bc3727679597cb16f83db1554b292f0373a49affef472116bbd2d39dc178412aa84d41a12e0258ea7133bd74553ebdfb79f9b

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    28KB

    MD5

    cf845a781c107ec1346e849c9dd1b7e8

    SHA1

    b44ccc7f7d519352422e59ee8b0bdbac881768a7

    SHA256

    18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

    SHA512

    4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    b861dbf6e19199eb9233c22d6df88fc6

    SHA1

    a854d885c913357ee069230ad90a5545cca2973a

    SHA256

    8d148c533349919201d69011a7212421eeb92a0959bad468fc992b2eea023281

    SHA512

    8fd3cbb0fe93d47a827d2cb4eae4683aaea79ea2fe596227ba97f36cf7445005ed0a0764c6caf48525e4b1c6a46b08cc8ff3a20f726219d79c4a6c43107b89e2

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    66592a2e619b79882e94cba85b448c09

    SHA1

    77cd68274ef6f19377cbd71e7d92ad50edc360d5

    SHA256

    afd2fee2b8186c6c0e64f8de5c62d447c842e22d7ae4ff3147984180d0e814d5

    SHA512

    658a9440a4b7a8bb32943a2ec87ee30ce68647cce3042dfbbdc13c500d45d33426aa9f48ad08ffdb6a05efb8e0a414862756c79624491d1ddff22c2f21df3757

    Download Submit