Overview

overview

10

Static

static

10

975bd294cc...36.apk

android-9-x86

10

975bd294cc...36.apk

android-10-x64

10

975bd294cc...36.apk

android-11-x64

10

Analysis

  • max time kernel
    82s
  • max time network
    130s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    09-03-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    975bd294cc538b2e270381421a52efce6a121fca342327c1b9cb304805c87736.apk

  • Size

    1.2MB

  • MD5

    f42b5b75570aa86122ee6045a24790b6

  • SHA1

    ed0b6d8bef694cbd5444ebe95c15a1283519444a

  • SHA256

    975bd294cc538b2e270381421a52efce6a121fca342327c1b9cb304805c87736

  • SHA512

    36cf6cfe62da07ac414c0bac78ae4c5f308835d8713eb9b72476279e8a28e4f11d9f25438e2b50b5eb384700e28eb3fd5ac04b890dad44cdee7f7c6b67e332e5

  • SSDEEP

    24576:3rgD07HDT4Yur9SP2CNzpf2v+dk4rq5TWOLz+1IgSm+:3rgNW26fYYTrq5TW0gSR

Score
10/10
hookcollectionevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.nupimunufayecihe.xutitaxu
    1⤵
    • Makes use of the framework's Accessibility service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4619

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    15651aa5cd206f63dfe5cf832c58144d

    SHA1

    4ac37b3b808e252a2a0dbf15bc0aa91f5abbe63a

    SHA256

    00d58636bf44411d6e4253a9ec3769689f662d0f2b1abdc7acf1dd03f66a6c5a

    SHA512

    ab9f1bf0c3ca5b7947aa435b6000f348d0dd8a9ba690f59e13790df6791eb693ea563dc67840c52119b26f01dce0b3fe37a5834c2dc6b796640c67796f091ada

    Download Submit

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    c998e38687c7abaf23c1628666238787

    SHA1

    50d1fea5143b80345ef81e84fa579b094b06e72f

    SHA256

    0b84b7d72825ab251540ae02d2d63f4fcd4a682219ba36eae6e6de1903afdb87

    SHA512

    29185a387cea3c014fca677a56e82277400229e5e6ca7e07f8da3604a5fd3b09072ab671d690cb7886594b73f31b0be8ffbab8d1ab23f5fa4e3b92e494039f78

    Download Submit

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    c44993e45b6d5d98555e249487b88e3b

    SHA1

    7dd665f942dc969f4af2cc8ef252601d4fb2623b

    SHA256

    daee0034f1a97353f7b8608cef446852242e378ca40ee4bbcb85c720d4482d89

    SHA512

    347444ff5915aa213ce3fcb96da63c491b625c19a35e8239c9f920df11c740177c6b163db007087844376bb64e271737edc889df780e28beb60983daa5072a65

    Download Submit

  • /data/user/0/com.nupimunufayecihe.xutitaxu/no_backup/androidx.work.workdb-wal
    Filesize

    148KB

    MD5

    83a17d496aae4aff3f00604d03925178

    SHA1

    0e1571b9864f2c7c485651f718606fd46a3eebbb

    SHA256

    911197ba261623240f4dce785c94887ecf4de6ab298cf9dcb20981f07e74dff6

    SHA512

    ab8807e79128568d8b50fc443c3b6c2f9b932c7dcd8bbc0218332f0208c66190b049cfa0e0c0303211bfc26a3fe0e40a637898088fb27cd88d6451bf433f4fdb

    Download Submit