hook | 3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

Analysis

max time kernel
163s
max time network
136s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
13-03-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk
Size

2.8MB
MD5

db6463dca0973bb704ac9fce68a1dd23
SHA1

c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e
SHA256

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453
SHA512

bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8
SSDEEP

49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:5057

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
ec4d3b8b704542c0aab84569488f5355

SHA1
0666764964b2b20c8aefbfcb1ebfd99b131c8dfa

SHA256
b9b15e75f1c2e1ae2795a9f116b85b3673aa5d11ffafc70dcfa9a11fd77393b9

SHA512
e5c8e4c03c8334b26b7e0e67146b7f9507462fb250930b8a975046a3ca9180a025fa2268381f551bada8e0083ffc897902e7d9d450c1b97fa963269c126937e1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
dfb3294434a7fab1983b7941ff9d8c7e

SHA1
5967e8f7d5b961e6bbc7c15c7a66c35887afe05a

SHA256
48e6826411e39788df2852608eb4c6f80240aee5401e9d3232cfd2b8a5330c53

SHA512
5c7700d22354536d7300752dfbfb256523372ff8d3fa027ea449cdf3cb6ac8c9aecf28d9dcf7f770416dd61fef0ef3c0986823d74b163579738d79d929890ca9

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads