Analysis
-
max time kernel
149s -
max time network
154s -
platform
android_x86 -
resource
android-x86-arm-20240221-en -
resource tags
-
submitted
20-03-2024 22:00
General
-
Target
5e0fc93b7a51c6a02d2d987a49d56a85ff18e02971f2cb7c38d5fc839b516e61.apk
-
Size
3.5MB
-
MD5
abc112e36234181d24e88c75b6619636
-
SHA1
0c2236f7ccc076d4b216643eafd5c4f7c5371107
-
SHA256
5e0fc93b7a51c6a02d2d987a49d56a85ff18e02971f2cb7c38d5fc839b516e61
-
SHA512
b94c636fa634e03ba5bea711332d540686e6cd9729fde2dbf3af237ebad0e283d3bf4142a626f3b7b3491ae84d24307b27b404ec0bf057c1e3de7adfe42418f5
-
SSDEEP
49152:BkO5Xv7w/+0wbGrROBGc033Y5DusgLOQZngQK+76fFyiVA0g+VMo2QQchg4mgecZ:B9Xzw/ybGsG6EsgLXd5KeRLupFtZ
Malware Config
Extracted
hook
http://191.252.178.207:8082/..
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service 2 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Acquires the wake lock 1 IoCs
-
Reads information about phone network operator. 1 TTPs
Processes
-
com.fisofipatedaru.faxu1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5f2b4b0190b9f384ca885f0c8c9b14700
SHA1934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA2560a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
-
Filesize
512B
MD5d032893d872e6637baf66bae50efa395
SHA1d7b498930bc5696f0a1abc2fb82909bcf3304c0e
SHA25649dc610bc56dfca9f587382c7927a89f8ed3ed1e57ea41ffaaa0e1be8d9be2ea
SHA512c70d15863a918db4534fd184c53ce0f9aa39c7e4177a9bbf6388ca24695d82ac589efbbf6d1d9ef0f7adb0b7d026657faa79c374aff92e0a7e5b1ced30da0400
-
Filesize
28KB
MD5cf845a781c107ec1346e849c9dd1b7e8
SHA1b44ccc7f7d519352422e59ee8b0bdbac881768a7
SHA25618619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
SHA5124802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
-
Filesize
16KB
MD5d611ef981e4ef769aa1f80a13402fdcf
SHA15984e09c9a4de4f9f8693c485ea0529b33546437
SHA2561bb92823089bedda1a3538896fc4e13c0fd8d4d65defd30570609b7ee5b7a923
SHA5121fdf02d5239c8285e6d701a22cd4228cb0e12c6a2cbfa160ff00539c8f24a01edb79faecd42c33bf0b2094be30f7d1d90710015480d70ae29266d9dd9a73f058
-
Filesize
108KB
MD5e70e6910d419f30b351a52d5c56b6d5a
SHA1ed2dfd9faf88da9fa485ff9ab5b15572c1421685
SHA2565a3afe4abe966962233e0a587939111cfa8b1fa4cbfcf9db6bcfb016dc942e3e
SHA512b42249d5d7cb446a9d9e9a5bd160146ca72e4eeacc0977ed0ca4d42013235c828fb612f0f790003a156aa0b725fa1be76a82e8e9033ed874d5f6e6415ab863f4
-
Filesize
148KB
MD56a11812f4a4e56f8fbd8ec63e9bf5e64
SHA168b7cc34c57d4f5c15b2e2797514b39189b35727
SHA256b62a998144f5c8601cd38b95b939dfe4b9c356661ffcdab670b816ef62bd55ef
SHA512d927f1575ccc91ec41614c9f5d08133697d3d473d96d7d7d59042b0f9f50572cb80390d5eb89a7f4e14a50792af04f871c676af95994ef60fa31a117c2fe5d82