Overview

overview

10

Static

static

10

3ee0b5f142...53.apk

android-9-x86

10

3ee0b5f142...53.apk

android-10-x64

10

3ee0b5f142...53.apk

android-11-x64

10

Analysis

  • max time kernel
    159s
  • max time network
    157s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    14-03-2024 08:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk

  • Size

    2.8MB

  • MD5

    db6463dca0973bb704ac9fce68a1dd23

  • SHA1

    c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e

  • SHA256

    3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

  • SHA512

    bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8

  • SSDEEP

    49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

%INSERT_URL_HERE%

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    PID:4365

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    62688e7c9c98f952940f4a59d9c9c237

    SHA1

    a9a4674e2400bb6ded3042691ebf564304ede64a

    SHA256

    0fd530da2e05a0c785d1cefff7d3f77d9a8ca1a4c1d9c3e4e4a49170b7c5fc7b

    SHA512

    c9c551543f930642b48d8e4119ac81f11a03c8d3b447ba87e0af313793e6d86a0bbf3b97dc8cc55568b09a1a95dcf8e5f7a9f01b482311f551a873060368ae4c

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    cdf8e406072200f62568a14e1163cc1d

    SHA1

    af772b4d9cc466f129be04f03113965cf7fcede5

    SHA256

    839c6d75c0c574a59184bfaa41963d59334d027891d201e485cf27928e116b2e

    SHA512

    6f14789f3709094fc2dbcb7415d1fb41438747483330cd3dfb9a0d4cc4bc5a8aa7be8160aa5c40a474abdcb06f775a00ae8746bdb8965e5748109f88292cf912

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    3f87c0e26ecfce6b23512a4e13bf9d0d

    SHA1

    061d4d78edc28a040262cffb1eec4a022f9c6324

    SHA256

    c57ebe4176addc617e8759f63f88e6652ca6b89992ef35c797680101bc107d9a

    SHA512

    5d3f8441a80a47a531c84f743b84cbf925f9cd8ac99802b5e4fb50b434faf2284d0dab5bb5148cbec895d4d6cf99a4e00ed93cf429544967e00feb26a01ce194

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    585778f320c0de88cdb4b5dc75b475e3

    SHA1

    6f7ffca3af83869fa10549dc2dad823316f8eebf

    SHA256

    3e569842ade3bfa100f17f8ee955f5370fa0363d53d9a2b346e025e30e094d7d

    SHA512

    de596408ff279563ef725f84ee33b352db175abfd0184873c30fcaef2aa10758d9b404add2bab16cdd0ff37e9f32f7a546d60ef9c9a80a3158574b60142ede42

    Download Submit