hook | 2b1ec76a384f7352d7efdada26eadac55e2cfb15bf3f0f6b93e5b0ec7a5e9755

Analysis

max time kernel
54s
max time network
130s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
09-03-2024 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b1ec76a384f7352d7efdada26eadac55e2cfb15bf3f0f6b93e5b0ec7a5e9755.apk
Size

1.2MB
MD5

74c85bba05db7cc8c8d4ba59bd8d6466
SHA1

c64203af82bc4a194a337e379b19d07060dea054
SHA256

2b1ec76a384f7352d7efdada26eadac55e2cfb15bf3f0f6b93e5b0ec7a5e9755
SHA512

c04bcb67427880d7dbc3c404dec38853012e3e91c4633a2a5e7f9d4f8ed9bbb5204a0106f14f399ac3c7ab3198120df3a2272265a67718375a86250c36518c3c
SSDEEP

24576:I23tyREyhg45RJiL8s5F71kn7OH41ZJLgSkDX:I23Wh15RJiLvJN2zgSC

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.kicozapiruxesati.tasulu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.kicozapiruxesati.tasulu
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.kicozapiruxesati.tasulu

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	com.kicozapiruxesati.tasulu

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.kicozapiruxesati.tasulu

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.kicozapiruxesati.tasulu

com.kicozapiruxesati.tasulu
1⤵
- Makes use of the framework's Accessibility service
- Requests enabling of the accessibility settings.
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:4265

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
b2d7becfb1f9a5355d0b663d6affd400

SHA1
6977c939c1ea1210b666151cc8295e91f408ca30

SHA256
37d698e3c09f51eba85462525a4db2e7212c1c948d58088f65fa217e87d0bb80

SHA512
1ca718f36f5646a81d27af08d44a50cd471d8de458b6d1252251b7f51d99bf105f8c72f20ddb07f79a07ee0373d605bc8f36e5554025a87001562e50810ca122

Download Submit
/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
38f50330ed8f18d03e8c9e5ade5f7019

SHA1
4d9068a016839082626ea605169871156c56f4c9

SHA256
7050f99a1828d814145ee2cfee707436552ed8e6c6fbc8842dca55880b6fc13b

SHA512
4dd367e4ed53c68b658970cf9baae42c57e6b4f5585e8a434bac09a341a474b1eee2c7bf9d32d688e4268e50de343cf255a6d0e03f9f462de030b1ce84e6daaa

Download Submit
/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
bb7668a6364aa1b7b57e38d38ae9d5a5

SHA1
7cbe95b3b77ddbe9f34cad909e79b607182206ff

SHA256
d326b7bf68d11c6751e931eea6ee02c434a417001f9196025d40d5db87540d64

SHA512
2b1ebdfc86e56491d83f2c8c9da762bde17a7c4559a3c4068554c78fe28708a91574067545a9ff83896567dbbe0b7c394ec642953b8dd63afab732e7753a3765

Download Submit
/data/data/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
8e8934cb1ba55f5483bc1f6e5188b612

SHA1
eed546055f1ae5606f89ac06d966c101b627b820

SHA256
5ceac681c478214030ae4fd6bae7916127df6b5305f943bd7c48389f0ba0a96e

SHA512
7a8d99ae20e9503bfd8056813f71b564eec77dfc37a8155a3bff4f502e34fd2d4029a9d5f209eb3c53800787a4fcce2270222feb679a335d7b9bcdedd5e3f212

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads