Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    14-03-2024 08:54

General

  • Target

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk

  • Size

    3.3MB

  • MD5

    8d958576257733bd78fe81f84e768ed1

  • SHA1

    cd19e464b30b42d80a532cd994828696dc5f7b9b

  • SHA256

    0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f

  • SHA512

    9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683

  • SSDEEP

    98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F

Malware Config

Extracted

Family

hook

C2

http://77.246.108.116:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    93fac0136e6d61d0e26f9aa0dfa3c62f

    SHA1

    6bfb8175fab6c80b0eb5f54066b3993a2ad11168

    SHA256

    1c3fa5313c4a77b966c96f7b6e798621f810dd2e2de36cf093245380c2cd8312

    SHA512

    f0de14e9f237747160d2b3f4f1cf57d228a9828ee61a90b3db0db313a45a8eddfbada15bb294966c0367e9fcc144daf4d431618dc319d895b43f5277d89fd664

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    769ed9fb810b48cc79cf16973f2148cb

    SHA1

    c17b991803febb97f27598897d515abd455eb6bc

    SHA256

    adca7f522041947c0b884197a4534e0e2c1a35e5220bc18c43e17b245f70fac2

    SHA512

    fd136c1bbf3f60f00881f527ad835ea1e906f92eaa26f46c44287fdae386795480fc1f0313ef126a0a80315d83ccfc253ec11f3d78f0772d3c10ec944041ffd1

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    e6e35d7ba0a9a6303c1ea649bfd92a13

    SHA1

    8fc9bf23b8a9b35b713216063d7f1a3ee09c5757

    SHA256

    339634f7d38349e3aa7f5b7f760f97def403a4f3631d29690906504138d78dc2

    SHA512

    d4332606472b0b429a592db03aaf3b899461315837095c71ab7491f08a9e0130aa2c9534d0af1c0ae01686b577f2189987e79ece2fe53f9aac88adb79470d052

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2b20e14f96362c7ff0a40aee8c26217b

    SHA1

    4036cdf81b45e9a8a946803fbbcbe55307da2af4

    SHA256

    b5cc584988358d601266569768e1ecde79704a22c845ea3c96459c01b85bbd7c

    SHA512

    659104284fdf0602cc578cd87e11ed4ec1bd7a4239474ba849cb95ae95d4cd8412ec7659ab7dd4ccfed6873722ff198281983f1a9bbb9034df57361aadce7537