Overview

overview

10

Static

static

10

9a1ad89234...1b.apk

android-9-x86

10

9a1ad89234...1b.apk

android-10-x64

8

9a1ad89234...1b.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    16-03-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a1ad89234fbe8a6ad1eca73c15e1e9f784b770d0f5c8cc8f7d025eeaea3e61b.apk

  • Size

    1.1MB

  • MD5

    e9742d2b7d663770ee70827b626c0cef

  • SHA1

    6b4c56d0c3a6b067049bf93964cbb7e463e312dc

  • SHA256

    9a1ad89234fbe8a6ad1eca73c15e1e9f784b770d0f5c8cc8f7d025eeaea3e61b

  • SHA512

    3cb4e259da3aebc31dbdcfca93c56a363a59c5671a6b6badf1e9c6a66dfacc8b3e4e9d71b2d3d83a7417cb62b3aebae5550076c3bb856794221c1583abeeec58

  • SSDEEP

    24576:UbChabE7bgPH3hqyGKb3lA1uojyw0ug/GRQG:UbChaA76sg3CuXJug/NG

Score
10/10
hookbankercollectiondiscoveryevasioninfostealerratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://64.23.228.21:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
    bankerdiscovery
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.fimudidukira.soducake
    1⤵
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Removes its main activity from the application launcher
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4437

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.fimudidukira.soducake/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.fimudidukira.soducake/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    a80380940e98229352ee3519633ab7ba

    SHA1

    588cefae9de8eff252a1a27bffd59fcfe127cc2c

    SHA256

    70c64a468e9b15a2ce89a01861198df1a2ac6368e7df41a3171723d993cd04db

    SHA512

    885eb7fef652adf9cb8fda98c16459d5906a7a0b6ebf21c986949aee64a28d5746feba15141459f6f9b0b1e6819580603dcacf94345935211334b5ea44c0e46b

    Download Submit

  • /data/user/0/com.fimudidukira.soducake/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    65d51379737471535ccb8faaa51ee93c

    SHA1

    31fab883a9c247e1bbce6a4d15902a05b2db1438

    SHA256

    c7672cc1ea8c1816f392028b0ddcf445f48834d6fb846df437e870f12bfe597c

    SHA512

    b145b0dfb8a6c908c71a57166818aeaafcfc8ba63dae4990561af4424d28f039f60ca284b4957048f4e0db7de0ee580f3206d81071b5ce2bd1b9796e135abf3c

    Download Submit