hook | 3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453

Analysis

max time kernel
150s
max time network
150s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
14/03/2024, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453.apk
Size

2.8MB
MD5

db6463dca0973bb704ac9fce68a1dd23
SHA1

c35ffe6ab3797981da3b8fd830d4d0b3f3b24e2e
SHA256

3ee0b5f142884ccd460b619f7a536b4c68d0d649e34ce477cfe97d18b9620453
SHA512

bdae2fe17fb616a22c8559083e30d23ae5030923bb3dd95f7bab6e7ba38d19a22fa3140048f6cd222b2bbdb5087c7b9524fd695877734b3f64c5c809144f4fd8
SSDEEP

49152:9OcwHfICXpT/JVb0Tnb3fj29kgzpWUYCHBSZyL1xB07DsiHDwJAC6lg/Go:cT/ICXlvb0/PjakgPYCHBSZC1XCYiHC1

Score

10^/10

hook collection discovery evasion infostealer rat trojan

Malware Config

Extracted

Family

hook

%INSERT_URL_HERE%

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion

Input Injection

T1516

Screen Capture

T1513

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.tencent.mm
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.tencent.mm

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.tencent.mm

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.tencent.mm
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
PID:5043

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Input Injection

T1516

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.tencent.mm/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
f48acd142a478a8c231ac737bbbb6376

SHA1
c3b9b8484aa060620c6143c42a88de982e1179ee

SHA256
e6c22910f0caf9b3518b8552b6067ec6fac245656368944c70f2d1772982eca8

SHA512
25eb41c5c3f6676e7a70497620bdd17d0d7cabbaa82598e4c776822d03a1763c96acecefb394bbf7c95d734e7058adb1fe79cf2461265e41bd81d4b9beca5bf9

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
088e1caa8439e97e6284fb6ccc1e0d5a

SHA1
ab26dd5f26888260117929aa8fbe7e8870882171

SHA256
8fa591349fbe3ad3b7ae248700614b5253759d5498eab3fc77c9163b44a8c925

SHA512
1afd863b3c6d39062b314157412024fb0fa3553c8b7313a33382105a1f94f1a0809b030500a6fd37aa2a354c66bad74a53e5c169d4b6c0585a83c03c86f3678c

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
a883fb097dcc427817e701aa144021f8

SHA1
ead58287e6974de40776d3bf0223bd21f9e5c09a

SHA256
3ba3d2c6a9120588f22e3bcf921570fdc8b0e2b7378fe7108227dac5fae54621

SHA512
69131fb7558c33a59bce57bf2bfeda803572aa1a87bc64bc358976327620476f410c07c02f8a1bb8a64b7e055a47c3b2d35a0612d350da3fdc7e9cb08ecb9fa0

Download Submit
/data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
08a923f280fbb6c2d2e2b5d918618769

SHA1
8e489b6d295f738c5c95f6212dede16fbda9a00f

SHA256
6ac7132dbd87b7dbbb26199f543e2ae558f390157450a80dd509ac638e167b9c

SHA512
1d2325995261dc9d5aacc0d90c9b68d05cc24a554a1860a90d4068ba020c43148a456daca1dbca2118105f35175046c78486c45989ea98c02fea482216794b28

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads