Analysis
-
max time kernel
153s -
max time network
156s -
platform
android_x64 -
resource
android-x64-20240221-en -
resource tags
-
submitted
14-03-2024 09:00
General
-
Target
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f.apk
-
Size
3.3MB
-
MD5
8d958576257733bd78fe81f84e768ed1
-
SHA1
cd19e464b30b42d80a532cd994828696dc5f7b9b
-
SHA256
0121588ca4de977d77b3492af120588890cf758924fdb3412b780879d8d2192f
-
SHA512
9352203c5c06e69a2521041f3eb4751af80295ac50828b3e6a7d653198e6fb4db671b2fa214e3e3c166cf2a4c22ef54a5e87e40d6ce145a32a5c23b71a487683
-
SSDEEP
98304:TAxM4GZm5vjgae1B4IIDjl5OMxeAPuYXv+r5Pd:xZwMaQ4ImlAYeQuYXv+r5F
Malware Config
Extracted
hook
http://77.246.108.116:3434
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
Processes
-
com.tencent.mm1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5cb8868e36f164843a34546ffbb5d97f8
SHA136ab9f6d556ac0192dae31fccefea49e4912e5d9
SHA256969b6d5ab206c455e64a0017dbdb8f8fb1539d26ad3b8e5f82a6e7617efff33f
SHA5127542f51a30730553d22b8384a83f73697d738b6e14decc895c77cdfd3f5cb57e9c6bd93b91c6cf197ed726e40336d8cd12a4b380b52a1eab2a537e77510366a3
-
Filesize
16KB
MD5a574f1058d2971a01173348b67eb0697
SHA15527f7ed2510f98643416e6f98d681c9a7c0b280
SHA256d90923095e4a4bf3d9d239d12ccce07e6497bb99308db8a7793288f4486338b7
SHA512d6a8625ffb7bb769f4c13c52d93a68ea5ea8011f5a48c698a498b1764bdee781e40e38a08890a05d322bcfd03606393cca27fe773c226261a6ddebddfd9d5a79
-
Filesize
108KB
MD5e7919b1f1242312c08c8bebf70d7a697
SHA14e5b373fc02311ec9e93f2d5f3efcfeec40b3031
SHA256b8cc49ecdeaaf72ee78a998359888c20e5d5394379d92556cc7e0bf6dfda6419
SHA5128144636044e2476a9ef9ad0685a5fd8e770b0b2bd176d3e1b5697953bb680cad269e2571fc1181c65de19aad011a2598b0fddefcaf59cae0e4175c7d3ea3eca7
-
Filesize
173KB
MD5e92e2b9955d55de25119b7909d880e39
SHA113fbc78ba852f542c520ffe2131258ea0f16d7ac
SHA256cbe18016406121d49d814f5ac5fce08a6f4ad527d3f45521bf2895b7d2f0db4a
SHA5120904b43944a4f6952801dcdc4175b15e5f108864a4b73d1711e4a9ceb2cf91c4b521823820f173de267f36d6fd390127ad63873d1e6ec954ba74df70262c0626