Analysis

  • max time kernel
    51s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags
    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    09-03-2024 22:03

General

  • Target
    2b1ec76a384f7352d7efdada26eadac55e2cfb15bf3f0f6b93e5b0ec7a5e9755.apk
  • Size
    1.2MB
  • MD5
    74c85bba05db7cc8c8d4ba59bd8d6466
  • SHA1
    c64203af82bc4a194a337e379b19d07060dea054
  • SHA256
    2b1ec76a384f7352d7efdada26eadac55e2cfb15bf3f0f6b93e5b0ec7a5e9755
  • SHA512
    c04bcb67427880d7dbc3c404dec38853012e3e91c4633a2a5e7f9d4f8ed9bbb5204a0106f14f399ac3c7ab3198120df3a2272265a67718375a86250c36518c3c
  • SSDEEP
    24576:I23tyREyhg45RJiL8s5F71kn7OH41ZJLgSkDX:I23Wh15RJiLvJN2zgSC

Malware Config

Extracted

  • Family
    hook
  • AES_key

Signatures

  • Hook
    Hook is Android malware based on Ermac with RAT capabilities.
  • Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)
    Retrieves information displayed on the phone screen using AccessibilityService.
  • Requests enabling of the accessibility settings (1 IoC)
  • Acquires the wake lock (1 IoC)
  • Uses Crypto APIs (might try to encrypt user data) (1 IoC)

Processes

  • com.kicozapiruxesati.tasulu (PID: 4687)
    • Makes use of the framework's Accessibility service
    • Requests enabling of the accessibility settings
    • Acquires the wake lock
    • Uses Crypto APIs (might try to encrypt user data)

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb
    Filesize
    4KB
    MD5
    7e858c4054eb00fcddc653a04e5cd1c6
    SHA1
    2e056bf31a8d78df136f02a62afeeca77f4faccf
    SHA256
    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
    SHA512
    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-journal
    Filesize
    512B
    MD5
    e3dc0bd7d24049dd2f58dbf882c74034
    SHA1
    84f5e69f14d6167d2612f64e2a4cde4de38d9b18
    SHA256
    4f529c7591100745ab0b4cf52141304eb135c2670ffb263fb38bd134c5d4cbde
    SHA512
    d5987f60f53e4fbb8c22efd9216f85941817be4f686c5df119530ae22b9711da2004ffa3f33d78e22e2c9eb6a6e47ae78ad162c81ce8cee6a3ad03f7ced55602

  • /data/user/0/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-wal
    Filesize
    16KB
    MD5
    bb2baddee8b76a561b97f9b843d815c2
    SHA1
    b9cf5218f9016b913bcb2a14d9cd01f5a91ff4e4
    SHA256
    c16a2579fb5de51bdede044df45ae8a76f25b9fb993ea2aa29383e31e5bbbd30
    SHA512
    4753c30eed3f2fe934cd85004dfe317a99fccef65ffd0b384649bef387a7dc68d8a2c5a0a2e110f831bd954b76f4693409699de186df22a769b6f3189f963872

  • /data/user/0/com.kicozapiruxesati.tasulu/no_backup/androidx.work.workdb-wal
    Filesize
    173KB
    MD5
    8d066829af37e6ec58d599603e90095c
    SHA1
    4f4e170276afcdf817f2d3957b86700cde6f54e2
    SHA256
    42502fb416efe1179d29b3499e8e848a975d5180243d5f105026dfde0b6cb8b7
    SHA512
    b83187d9d5affe3403ccb7a539ae16338cd66537676a4c90cace4401de231dc4fe22afdeb02cc3f9563b2a05dfe20499fa2e0c0fadf4f4f66a0b9269b7998762