Analysis
- max time kernel: 150s
- max time network: 158s
- platform: android_x86
- resource: android-x86-arm-20240221-en
- resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240221-en, locale:en-us, os:android-9-x86, system
- submitted: 20-03-2024 22:01
Behavioral tasks
- behavioral1: sample 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk, resource android-x86-arm-20240221-en
- behavioral2: sample 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk, resource android-x64-20240221-en
- behavioral3: sample 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk, resource android-x64-arm64-20240221-en
General
- Target: 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a.apk
- Size: 1.1MB
- MD5: 0b98aa107b4610cc9c2b15e685e9c802
- SHA1: cf612eedbe423d7c30a4bf09c3e798e08a512458
- SHA256: 2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a
- SHA512: ea2c03fb5194b4ff2957ffbcdda475924f4f99f86a83b747ff63725cf0789ecbd19b06db858bc7d7b433fe3fbb992f197417bf3954add8f3e3ace31131b3f3c4
- SSDEEP: 24576:BT282S4HtuWZ0p46B8ZJ8SV2BrpM7k9eLxg/Si:Ba82S4NZOp46B8Z60VLxg/p
Malware Config
Extracted
- Family: hook
- C2: http://170.64.183.64:3434
Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.

Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService.
description | ioc | Process
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | com.ranixebovura.delasawa
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | com.ranixebovura.delasawa
Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | com.ranixebovura.delasawa

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) (1 TTPs, 1 IoCs)
description | ioc | Process
Framework service call | android.content.pm.IPackageManager.getInstalledApplications | com.ranixebovura.delasawa

Removes its main activity from the application launcher (1 IoCs)
pid | Process
4312 | com.ranixebovura.delasawa

Requests enabling of the accessibility settings. (1 IoCs)
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.ranixebovura.delasawa

Acquires the wake lock (1 IoCs)
description | ioc | Process
Framework service call | android.os.IPowerManager.acquireWakeLock | com.ranixebovura.delasawa

Reads information about phone network operator. (1 TTPs)

Uses Crypto APIs (Might try to encrypt user data) (1 IoCs)
description | ioc | Process
Framework API call | javax.crypto.Cipher.doFinal | com.ranixebovura.delasawa
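The indicators this report yields that are directly actionable outside the sandbox are the sample hashes and the extracted C2 URL. The script below is an added example, not part of the Triage report or of the Hook sample: it copies those indicators from the report, validates the hash formats, splits the C2 URL into host and port, and runs a match over a constructed set of proxy-style log lines (the log lines, source IPs and timestamps are made up for illustration). The optional match_port=False mode also flags other ports on the same C2 host, which matters because operators frequently move the listener port while keeping the VPS.

```python
"""IoC matcher built from the Hook sample in this report.

Added example, not part of the Triage report: the hashes, C2 URL and package
name below are copied from the report above; the log lines are constructed.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report (General section and Malware Config).
SAMPLE_HASHES = {
    "md5": "0b98aa107b4610cc9c2b15e685e9c802",
    "sha1": "cf612eedbe423d7c30a4bf09c3e798e08a512458",
    "sha256": "2142671d090e4c857137bff71cc13f05a25fe1e95bb8fcf80f554f3adf29910a",
}
C2_URL = "http://170.64.183.64:3434"
PACKAGE = "com.ranixebovura.delasawa"

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes):
    """Reject a hash that is not lowercase hex of the right length for its
    algorithm. Catches the usual copy/paste damage (truncation, a label fused
    onto the value) before an indicator is loaded into a blocklist."""
    for algo, value in hashes.items():
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], value):
            raise ValueError(f"bad {algo} hash: {value!r}")
    return True


def c2_endpoint(url):
    """Split the extracted C2 URL into (host, port), defaulting the port
    from the scheme when the URL does not carry one."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]
    return parts.hostname, port


def file_hashes(data):
    """Digest a blob with the same algorithms the report lists."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def matches_sample(data, known=SAMPLE_HASHES):
    """True only when every listed digest of the blob equals the report's value."""
    h = file_hashes(data)
    return all(h[a] == known[a] for a in known)


# Constructed proxy/netflow-style log lines (not from the report).
# Fields: timestamp src dst_ip dst_port proto host
SAMPLE_LOG = """\
2024-03-20T22:02:11Z 10.0.0.23 142.250.74.78 443 TLS www.google.com
2024-03-20T22:02:19Z 10.0.0.23 170.64.183.64 3434 HTTP 170.64.183.64
2024-03-20T22:02:40Z 10.0.0.41 170.64.183.64 443 TLS 170.64.183.64
2024-03-20T22:03:02Z 10.0.0.23 170.64.183.64 3434 HTTP 170.64.183.64
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+) (\S+) (\S+)$")


def find_c2_hits(log_text, c2_url=C2_URL, match_port=True):
    """Return (timestamp, src) for every line whose destination is the C2.

    match_port=False widens the match to any port on the C2 host, which is
    the right call when the listener has moved but the VPS has not."""
    host, port = c2_endpoint(c2_url)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, src, dst_ip, dst_port, _proto, _host = m.groups()
        if dst_ip == host and (not match_port or int(dst_port) == port):
            hits.append((ts, src))
    return hits


if __name__ == "__main__":
    validate_hashes(SAMPLE_HASHES)
    print("C2 endpoint:", c2_endpoint(C2_URL))
    for ts, src in find_c2_hits(SAMPLE_LOG):
        print(f"{ts} {src} contacted the Hook C2 on the reported port")
    for ts, src in find_c2_hits(SAMPLE_LOG, match_port=False):
        print(f"{ts} {src} contacted the Hook C2 host (any port)")
```

Hash matching is exact and therefore fragile: a repacked build of the same family will not match any of these digests, so the C2 host and the behaviours in the Signatures section (accessibility abuse, launcher icon removal, package enumeration) are the indicators that survive a rebuild.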
Processes
- com.ranixebovura.delasawa (PID: 4312)
  - Makes use of the framework's Accessibility service
  - Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
  - Removes its main activity from the application launcher
  - Requests enabling of the accessibility settings.
  - Acquires the wake lock
  - Uses Crypto APIs (Might try to encrypt user data)
Network
MITRE ATT&CK Mobile v15
Downloads
- Filesize: 4KB
  MD5: f2b4b0190b9f384ca885f0c8c9b14700
  SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
  SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
  SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1
- Filesize: 512B
  MD5: 75e163108dce456148b1be5c43cb48f8
  SHA1: 9329f7453705d0a3f5781cb8f72da200e257499b
  SHA256: e82738b61ecf7d0952c399e4877ed3fb05a62c3996cf6b658d2cf519f5c01678
  SHA512: 5ff52698e58b40ef83921ddd3980a513a2c981fc83f1ed47ba4d4ca93c64c4a87b11acb94e6dbdf55d6304c09ca0909fbc4f0be6ea81bb0c43e3ce8d2780fa21
- Filesize: 28KB
  MD5: cf845a781c107ec1346e849c9dd1b7e8
  SHA1: b44ccc7f7d519352422e59ee8b0bdbac881768a7
  SHA256: 18619b678a5c207a971a0aa931604f48162e307c57ecdec450d5f095fe9f32c7
  SHA512: 4802861ea06dc7fb85229a3c8f04e707a084f1ba516510c6f269821b33c8ee4ebf495258fe5bee4850668a5aac1a45f0edf51580da13b7ee160a29d067c67612
- Filesize: 16KB
  MD5: 6fe0e3bd5fa5479ac0c02faf60a75b24
  SHA1: 2413a0bcd2f1e60ecfb660094841700cb0be6d02
  SHA256: ec825aff3410d54ac43d318cf9f1a438df9c57f78c8234d8a07370c72202a11c
  SHA512: 903e0ebb81caf81ccf0edd4c8d3fdaf6decd6b092ed4df6c42f33fc962f7fbe870dc4c44ede533f8801326c1eb90467c59726f3b190973a6ecaa9f6e97aa593c
- Filesize: 108KB
  MD5: c7c86cadc9d57cdeec01a338e6a26e49
  SHA1: 7da44d28e5fdd7bf9372071bc5d5cddc11d1a3fb
  SHA256: 67b570d77b30e8abec19dd2383c9e7cce0e2a3243782eb6d1d00287703131bf9
  SHA512: 0decc74fb7bece4b39eb44078e2bb7b18358824be489f7ff02adbb53ac7c4a40a2d7327477e2441bbaaae06afb69cb1becfc64f9d92c9fa11cd1e3f0eb5238ab
- Filesize: 148KB
  MD5: 85fdfb8405889abba62ed55247c35a5f
  SHA1: 3181c6027a015265314e0f6841d90a77def0649d
  SHA256: a6757dca33b87efefc36012b78fb38f4e61de07783286c57d4db52c203c1eca2
  SHA512: c6016389e6dd08f71f18571d6ca3619d64dadd04c345fcda4dd4c644222f7e2edfe5304f0aca758ed4615f1c2f9edefbc36e46f48218c4e1bde40d8e8bebb224