hook | 8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52

Analysis

max time kernel
152s
max time network
155s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
13-03-2024 17:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52.apk
Size

1.1MB
MD5

f6c6e7b69ba6026646d229757a7c0dcd
SHA1

af240d54bc5c9f31646da0a220e0679b0acb194e
SHA256

8d20189cd3865e13ce0c943b72472600308b40db54080c45d6b84117b69a6d52
SHA512

b0220f3171cda248a3306547c58fb52323467553cca7290e1c3ccb78855b4244b1c45576508f42f86c76c1352dbf5148156aa62251320d07e6bb7346cbe2c2dd
SSDEEP

24576:NUlxsCIH/aelw2APkxE5ecT6AEVj3nIg/SsDl:NmxsfaAx+kMCBnIg/1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:5099

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
8dbb22da544f09769ab3c1ebea37c86a

SHA1
2c0d8985ac7686731999931b0821b5b6022d148c

SHA256
1852508fdfaa8f90af941fbee6629f0ce676fc867d052f3f165399dcbfdaf828

SHA512
5c47eb11f84ef87ab0c1e4aeb9ac862a02dfa276b2c774d664deaac3db99b5f57d1fdabe2f41288526b190bfe6656e3c66ff11a343d9b32cfd2d5ed3e9a6712b

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
24a2c7b237db2300d05942f7985f7591

SHA1
e551b397943a374cebecbbfc820ffd4e17af7b5b

SHA256
8248cc3aff63444b8eba6d5735e8aa4933e7252537a7b9effc75ce6729fb4ee6

SHA512
b1e163a1f485ad2360af8da6d14c4834bed8eed5dc57efdf281c72f7000a47bb6bedeab486c46a762655680be3daa04791b856ce38398ca91ccd99643f04e484

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
156KB

MD5
8458ae4f8787bf0afe1bb109e6818cd4

SHA1
ad03068914e6675c608c8198cb81ffb7831caff5

SHA256
c93eda4289ea63809545e905c4d27417f6c987f8fb0e864ce45d5cb011dec926

SHA512
e9e5408be8f433efe2dd79770e4f6dbc871f42092c7c78d4d1ef1079e9d5288aebc2fa7591d9473ed56ee49ab3b46e3574d47f1efb15735a9e1381a30687edec

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads