hook | dbd8366157d0bbc61a55335d95f595882611ada6ae0acefdd344ec40eba8e9d7

Analysis

max time kernel
158s
max time network
151s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
13-03-2024 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbd8366157d0bbc61a55335d95f595882611ada6ae0acefdd344ec40eba8e9d7.apk
Size

2.8MB
MD5

4e0e33d1fa3467cd88e4ced9cdea8077
SHA1

3ddb1492fef6b0951c172a307f759f3dc962e2a0
SHA256

dbd8366157d0bbc61a55335d95f595882611ada6ae0acefdd344ec40eba8e9d7
SHA512

8a91faa21cd9b67103b8ac445d36c698f7d729d7704c8d61407cf1a8612ff68dae8c1c4ff23c73fd82c4090ef82de688a10a5b38de1f0f06b2133d47a73e0978
SSDEEP

49152:Pi2q5Mqa4wh8vEZLi5APc/fbmFY8wGfFF5R2o0Rnw0rw2pl3Ft4y4X3wmAC6lg/q:alRavrg5APwbmFY8wGbD2o0lDw2f34RW

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:4460

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
511f882566b2de0a7d133f774f622f4a

SHA1
edb5af13494d195854b1456f00041a56243b00d3

SHA256
934c68b34ece2230bc34b87c3e4dd24c555d8c8d400a59b625affef83777bbab

SHA512
8409ff3a6bf4c26f239ea16d173cd9c26f7758fa7b0a988a4d9aed85612f4af86c17ae1a6fc4b9ded6a3156288e6813dc23e68b7300feaccfe05f38279eb2d12

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
99f9b7171ba9e07e438b66ed3b4a8014

SHA1
51e0de389bd4c38a457873e4b46b233bfa0055bb

SHA256
c5441ca6a3312010229d7b87f53b272d4d21e46fe8c9c92a2d864ac9f2e51bdf

SHA512
205327b2bc1f346dba7793bbbea28c57931a33f289a05b29dd044422efe9cba2a6516e802c9a28d64fd90d876ea223468569400216d33aeb11fd97ff42122566

Download Submit
/data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
942705272c6beae29bfab5c5ac33783d

SHA1
6f98552a42a71e89412e338d74119c13c4e595ad

SHA256
44147289317d2640e024740f4d102166e19e612ffb3f0c389bbc4032be003360

SHA512
5765cd266d165920ed440ce1bfbb773583100c1ea8e7365f17bd5371c051fe2738987161ed219ebe545e40e4acb24c93852833eaea9ce349c5cffc60b91fce05

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads