Overview

overview

10

Static

static

10

0121588ca4...2f.apk

android-9-x86

10

0121588ca4...2f.apk

android-10-x64

10

0121588ca4...2f.apk

android-11-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    14-03-2024 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk

  • Size

    3.3MB

  • MD5

    8d958576257733bd78fe81f84e768ed1

  • SHA1

    cd19e464b30b42d80a532cd994828696dc5f7b9b

  • SHA256

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f

  • SHA512

    9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683

  • SSDEEP

    98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F

Score
10/10
hookcollectiondiscoveryevasioninfostealerrattrojan

Malware Config

Extracted

Family

hook

C2

http://77.246.108.116:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4177

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    8695faee816f847d1a58a75d7bdefc45

    SHA1

    a2f38057ac119cae2e61ebe2a274ddd852e178b1

    SHA256

    6f26a8f34909494beec866082bba342cdc9ca174562a68ad75b401ce19b40f8a

    SHA512

    25c478e717529346beb8609bc357d9765630dd3609905c829b186a67161b8c16cf98396cdb7b0d8e316f32933b15f4dae3aa2909f7468f0c2473f8767414df5e

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    4af940967a863db6eab6e52a16800884

    SHA1

    ba4637c542af19268d18eee9d514d63b896afb97

    SHA256

    ec1d6a5bcd02d286de86615950ccc79f62c6254246c3469d38c4392b33fe02d0

    SHA512

    3aefca17b53a7b22deef92b2fd17be1e9bdd6a34df2bfa7997a467288297e6bbe0512fd730071d3c8fe5d8818a2cf60f4632b1b2b1afd8f94b49aa44c3963543

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    ec406d952bf7df20f613016f649cf2b5

    SHA1

    81fe23bc7ed4aec47d7c16c1ccf065a09657d5f5

    SHA256

    30ada8eba1479c4bec6d02d4ff6ad965d79fc6c5123085f0a42ff288479b0e75

    SHA512

    0d826105edcf3a7977c4616ab68736d517d6c85cc153c56bd8e5cfe4ce33416b1858dfd97d33f563fcbb924d54b7a3589d55e1e5cbe847be099f0bd097f5b2fc

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    5666b6a9c46ca09718bcb2977b0f70be

    SHA1

    fd43cbbfa3d329a5bec3ee0ef4c3f82951e9933e

    SHA256

    4bb768cbfae6f81a8ec56147365ca19ef8c2699d3d3117753b0194dd40b48318

    SHA512

    fc57afe3d80eebf23c33edb2c8110a183b07101968e11b599b4aa6a07c2a98a1ae818fdce1edb58cd66f8d548911c2d9086d603c1a3d95e6c04a4e071df4288c

    Download Submit