Overview

overview

10

Static

static

10

0121588ca4...2f.apk

android-9-x86

10

0121588ca4...2f.apk

android-10-x64

10

0121588ca4...2f.apk

android-11-x64

1

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    13-03-2024 20:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk

  • Size

    3.3MB

  • MD5

    8d958576257733bd78fe81f84e768ed1

  • SHA1

    cd19e464b30b42d80a532cd994828696dc5f7b9b

  • SHA256

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f

  • SHA512

    9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683

  • SSDEEP

    98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://77.246.108.116:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4477

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    0dde281c154a084d3882adef6fb92f4b

    SHA1

    555bdb8c0df238ae09411b2da9af4f2bcdad64ac

    SHA256

    e0be3c9bd6ce0e7ed0b80ed35af7e19d5fe54dfcce0990f8de6af7bd58d3e3b7

    SHA512

    0bec62bb67b645302d3b992e4300e18e35e8fbdc5ff845f10b3bc915432106c72f7fe8f8ea21068e9e799f0303f5a6abc87cdc4abc76ddec7903e5f5945768ce

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    f683e5c335d0361d0ae7c0bfc37b04fe

    SHA1

    d2926a11e8abd7115ab1a4e742e1f83b51a0e2b5

    SHA256

    baa2314e196ae1e437fb67aaaeb31134804f55eb4205749fa5dd45be8ac88f6a

    SHA512

    164e438c7d9182ba669edaf93511d4195c65a2c62d8125b4cc1e36c98a8014d0accde3e911e3302f2f454c26730c2b3b49f9b93559972f0b0d73902a91f1e849

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2848f5f9d4966745e834ad011f3972e6

    SHA1

    a3b0b719336ed8e1e821a53af1eec3f15354e792

    SHA256

    0b5f33591ec39ebe9e457beb683bffe642973a30e6e26c16237c7f667883a8ba

    SHA512

    0d8e70ed977244e990d6ba59f072b589ba239cfdd3896be38f92144acbf0ab0446cc12a06d43587ee7c522283b4caf591b137dbb6aa71cb52f3fdef12db1ff37

    Download Submit