Overview

overview

10

Static

static

10

0121588ca4...2f.apk

android-9-x86

10

0121588ca4...2f.apk

android-10-x64

10

0121588ca4...2f.apk

android-11-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    13-03-2024 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk

  • Size

    3.3MB

  • MD5

    8d958576257733bd78fe81f84e768ed1

  • SHA1

    cd19e464b30b42d80a532cd994828696dc5f7b9b

  • SHA256

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f

  • SHA512

    9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683

  • SSDEEP

    98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://77.246.108.116:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5090

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    156KB

    MD5

    36b32f476e926b31bdb6173af9c4a4d5

    SHA1

    88d4898fbacd58995c48cab8064e8ba947c012a4

    SHA256

    88481c854b8b1b22ac6a37b17c8ee1f7410de598f81b7f742ceb2382b701319f

    SHA512

    497a4dc43b73e8ca2cf28424176a353ab86a24bc7c78fe685161f70005d4009a3720ae80829cf140c95436f8167f2ebbbcb3db937b65acbe747d198efeccc6b3

    Download Submit