hook | 3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

Resubmissions

26/07/2024, 21:18

240726-z5rkgsydma 10

13/03/2024, 20:54

240313-zpt1nsaf53 10

13/03/2024, 20:50

240313-zmj3page2v 10

Analysis

max time kernel
148s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
13/03/2024, 20:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk
Size

2.8MB
MD5

db6463dca0973bb704ac9fce68a1dd23
SHA1

c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e
SHA256

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453
SHA512

bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8
SSDEEP

49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:4190

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
eb00c4d07194b26da80808606d6ec506

SHA1
0b240c4bee51384397370c6af86943b072f6057a

SHA256
d186535ad43618b340dbfd716e9823908f90d05da7c32ed67b1c6f13feb243fb

SHA512
9823c94525c125971f3a03940383db3ed5e77683259b3b34b618e377b83edbef62422d530f386c2c9f6a3d06af0d333ce3412a11a29642e0f639aa188c0ad37d

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm

Filesize
28KB

MD5
cf845a781c107ec1346e849c9dd1b7e8

SHA1
b44ccc7f7d519352422e59ee8b0bdbac881768a7

SHA256
18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7

SHA512
4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7b44499b0cd9073b843032bb9860f753

SHA1
4b3ac4df7734f31aa071a56fcbca2e6d890e9021

SHA256
a8008a525a7d1aee457dfbe9a94c8f247022fbf1f5984304fc66bc84d81a24e8

SHA512
469947384dbd764197d25ae0b5176cd1b6270dd3731c9a068aa4fc1951ee44f2e0c02cae5b0ee780b7aa36f0530fd3614747727e806379d0e1ed2b6b16901770

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
b52a4e4b28fc4942668bf77046c53030

SHA1
401ef7517e00e5d20babb1a2bb52833e7507bb32

SHA256
2801472d22ab0e9518cd5fcf3345c334365e5ffaa8cceb4edcbc1e9fc6861327

SHA512
142660e23b2525d0e6120d3b0833739b3039e02636287c5be849a2309378ca6d643ba8d8c58e1e37d5282728a54db0cc40068b3433f08c0f3dc01364679f6d06

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
6d5a66e6b848a3d1adc9932a46baae4a

SHA1
e8a376498f57d14b69af1a9112e93a7f923525b4

SHA256
6a941d3980142a2b47e82de9fc3b2e640d53c20c07315030a725a1ac3d1515e3

SHA512
079d766d62ad5ebc232b7e9eeb966804c5a052fd07b47868ddf2cff822d2573e70e8802ae63874ea4d2c46ff2019ddd39ccd09e3b592b58d7ab836bc67da643e

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads