Analysis
-
max time kernel
153s -
max time network
158s -
platform
android_x64 -
resource
android-x64-arm64-20240221-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system -
submitted
14-03-2024 08:54
Behavioral task
behavioral1
Sample
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk
Resource
android-x64-arm64-20240221-en
General
-
Target
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk
-
Size
3.3MB
-
MD5
8d958576257733bd78fe81f84e768ed1
-
SHA1
cd19e464b30b42d80a532cd994828696dc5f7b9b
-
SHA256
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f
-
SHA512
9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683
-
SSDEEP
98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F
Malware Config
Extracted
hook
http://77.246.108.116:3434
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.tencent.mm Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.tencent.mm -
Acquires the wake lock 1 IoCs
description ioc Process Framework service call android.os.IPowerManager.acquireWakeLock com.tencent.mm -
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
description ioc Process Framework API call javax.crypto.Cipher.doFinal com.tencent.mm
Processes
Network
-
Remote address:1.1.1.1:53Requestandroid.apis.google.comIN AResponseandroid.apis.google.comIN CNAMEclients.l.google.comclients.l.google.comIN A142.250.180.14
-
Remote address:1.1.1.1:53Requestssl.google-analytics.comIN AResponsessl.google-analytics.comIN A172.217.169.72
-
1.5kB 40 B 1 1
-
6.7kB 8.9kB 27 25
-
240 B 4
-
1.3kB 6.0kB 8 8
-
420 B 7
-
420 B 7
-
240 B 4
-
240 B 4
-
1.9kB 40 B 4 1
-
16.0kB 11.9kB 40 32
-
240 B 4
-
240 B 4
-
240 B 4
-
240 B 4
-
240 B 4
-
240 B 4
-
240 B 4
-
3.7kB 11
-
51 B 50 B 1 1
-
69 B 109 B 1 1
DNS Request
android.apis.google.com
DNS Response
142.250.180.14
-
70 B 86 B 1 1
DNS Request
ssl.google-analytics.com
DNS Response
172.217.169.72
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD593fac0136e6d61d0e26f9aa0dfa3c62f
SHA16bfb8175fab6c80b0eb5f54066b3993a2ad11168
SHA2561c3fa5313c4a77b966c96f7b6e798621f810dd2e2de36cf093245380c2cd8312
SHA512f0de14e9f237747160d2b3f4f1cf57d228a9828ee61a90b3db0db313a45a8eddfbada15bb294966c0367e9fcc144daf4d431618dc319d895b43f5277d89fd664
-
Filesize
16KB
MD5769ed9fb810b48cc79cf16973f2148cb
SHA1c17b991803febb97f27598897d515abd455eb6bc
SHA256adca7f522041947c0b884197a4534e0e2c1a35e5220bc18c43e17b245f70fac2
SHA512fd136c1bbf3f60f00881f527ad835ea1e906f92eaa26f46c44287fdae386795480fc1f0313ef126a0a80315d83ccfc253ec11f3d78f0772d3c10ec944041ffd1
-
Filesize
108KB
MD5e6e35d7ba0a9a6303c1ea649bfd92a13
SHA18fc9bf23b8a9b35b713216063d7f1a3ee09c5757
SHA256339634f7d38349e3aa7f5b7f760f97def403a4f3631d29690906504138d78dc2
SHA512d4332606472b0b429a592db03aaf3b899461315837095c71ab7491f08a9e0130aa2c9534d0af1c0ae01686b577f2189987e79ece2fe53f9aac88adb79470d052
-
Filesize
173KB
MD52b20e14f96362c7ff0a40aee8c26217b
SHA14036cdf81b45e9a8a946803fbbcbe55307da2af4
SHA256b5cc584988358d601266569768e1ecde79704a22c845ea3c96459c01b85bbd7c
SHA512659104284fdf0602cc578cd87e11ed4ec1bd7a4239474ba849cb95ae95d4cd8412ec7659ab7dd4ccfed6873722ff198281983f1a9bbb9034df57361aadce7537