Analysis
max time kernel: 152s
max time network: 159s
platform: android_x64
resource: android-x64-20240221-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
submitted: 20-03-2024 22:02
Behavioral tasks
behavioral1: sample 206c7ef42f47e0ca6edc2db4e5754d6ccd07ab915aea849e05b1c136a73ceee8.apk, resource android-x86-arm-20240221-en
behavioral2: sample 206c7ef42f47e0ca6edc2db4e5754d6ccd07ab915aea849e05b1c136a73ceee8.apk, resource android-x64-20240221-en
behavioral3: sample 206c7ef42f47e0ca6edc2db4e5754d6ccd07ab915aea849e05b1c136a73ceee8.apk, resource android-x64-arm64-20240221-en
General
Target: 206c7ef42f47e0ca6edc2db4e5754d6ccd07ab915aea849e05b1c136a73ceee8.apk
Size: 3.5MB
MD5: 515b179c5d1be69c73ebef0b63d92d92
SHA1: ab7aa1ad0f6b4c3f2ba8aee97e2f78ad3b75b646
SHA256: 206c7ef42f47e0ca6edc2db4e5754d6ccd07ab915aea849e05b1c136a73ceee8
SHA512: c2c6315eab2ce575c8c80c750f0f1e8a7a6a7671c549dca8797e5db5651e884e2faa250678f5cf4cd711a19c82dc3d7ce20b122510d86b80bef141f0f9685646
SSDEEP: 98304:+JyF7AlcUwUH6O6oVU3EHUWAjXv4BFkGV4PYwIoKAko2o:+0FcwADVU0HU3jwUKiYwbH
Malware Config
Extracted family: hook
Extracted C2 URL: http://191.252.178.207:8082
Signatures

Hook
Hook is an Android banking trojan derived from the Ermac codebase and extended with RAT (remote-access) capabilities.

Makes use of the framework's Accessibility service (2 TTPs, 3 IoCs)
Retrieves information displayed on the phone screen using AccessibilityService. The sandbox fires this on node-query calls through IAccessibilityServiceConnection, which a service issues to walk the view tree of whatever app is in the foreground; screen readers make the same calls, so the signal is strong only for an app with no accessibility purpose.
Framework service calls by process com.karigaduvoto.leju:
android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId
android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText
android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId
Process: pid 5114, com.karigaduvoto.leju

Acquires the wake lock (1 IoC)
Framework service call by process com.karigaduvoto.leju: android.os.IPowerManager.acquireWakeLock

Reads information about phone network operator. (1 TTP)
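As an added example (not the sandbox's own signature code), the two behavioural signatures above and the extracted C2 can be re-derived as a small triage check and run over constructed log lines. The IoC line shape "Framework service call <method> <process>" is modelled on the rows in this report; the connection-log shape "<proto> <pid> <process> <ip>:<port>", the benign com.android.systemui and com.android.vending rows, and the 142.250.74.46:443 flow are assumptions made up for the example.

```python
"""Re-derive this report's Hook signatures from its IoCs (added example)."""
from collections import defaultdict
import re

# Accessibility node-query methods listed as IoCs in the report above. A
# process calling any of them is reading the view tree of other apps'
# screens; screen readers do this too, so it is a strong signal only for
# an app with no accessibility purpose.
ACC_IFACE = "android.accessibilityservice.IAccessibilityServiceConnection"
ACCESSIBILITY_NODE_QUERIES = {
    f"{ACC_IFACE}.findAccessibilityNodeInfoByAccessibilityId",
    f"{ACC_IFACE}.findAccessibilityNodeInfosByText",
    f"{ACC_IFACE}.findAccessibilityNodeInfosByViewId",
}
WAKE_LOCK_CALL = "android.os.IPowerManager.acquireWakeLock"

# C2 endpoint from the extracted Hook config above.
C2_HOST, C2_PORT = "191.252.178.207", 8082

# Line shapes are this example's assumption: the report's
# "Framework service call <method> <process>" rows and a generic
# "<proto> <pid> <process> <ip>:<port>" connection log.
CALL_RE = re.compile(r"^Framework service call (\S+) (\S+)$")
CONN_RE = re.compile(r"^(tcp|udp) (\d+) (\S+) (\S+):(\d+)$")

# Constructed sample input: the four IoC rows from this report plus a
# benign process (assumed) that only takes a wake lock.
SAMPLE_CALL_LINES = [
    f"Framework service call {ACC_IFACE}.findAccessibilityNodeInfoByAccessibilityId com.karigaduvoto.leju",
    f"Framework service call {ACC_IFACE}.findAccessibilityNodeInfosByText com.karigaduvoto.leju",
    f"Framework service call {ACC_IFACE}.findAccessibilityNodeInfosByViewId com.karigaduvoto.leju",
    f"Framework service call {WAKE_LOCK_CALL} com.karigaduvoto.leju",
    f"Framework service call {WAKE_LOCK_CALL} com.android.systemui",
]
# Constructed connection log: one beacon to the extracted C2 from the
# report's pid 5114, and one unrelated (assumed) flow.
SAMPLE_CONN_LINES = [
    "tcp 5114 com.karigaduvoto.leju 191.252.178.207:8082",
    "tcp 1234 com.android.vending 142.250.74.46:443",
]


def parse_framework_calls(lines):
    """Return {process: {service method, ...}} from report-style IoC lines."""
    calls = defaultdict(set)
    for line in lines:
        m = CALL_RE.match(line.strip())
        if m:
            method, process = m.groups()
            calls[process].add(method)
    return dict(calls)


def classify(calls_by_process):
    """Return {process: [signature, ...]} for processes tripping a signature.

    'accessibility_screen_read' mirrors "Makes use of the framework's
    Accessibility service": one node-query method is enough.
    'wake_lock' mirrors "Acquires the wake lock" and is weak on its own,
    which is why the benign sample process below only gets that tag.
    """
    findings = {}
    for process, methods in sorted(calls_by_process.items()):
        tags = []
        if methods & ACCESSIBILITY_NODE_QUERIES:
            tags.append("accessibility_screen_read")
        if WAKE_LOCK_CALL in methods:
            tags.append("wake_lock")
        if tags:
            findings[process] = tags
    return findings


def c2_beacons(lines, host=C2_HOST, port=C2_PORT):
    """Return (pid, process) pairs that connected to the extracted C2."""
    hits = []
    for line in lines:
        m = CONN_RE.match(line.strip())
        if m and m.group(4) == host and int(m.group(5)) == port:
            hits.append((int(m.group(2)), m.group(3)))
    return hits


def triage(call_lines, conn_lines):
    """Combine both checks: a process that both scrapes the screen and
    talks to the extracted C2 is the strongest match for this report."""
    findings = classify(parse_framework_calls(call_lines))
    for pid, process in c2_beacons(conn_lines):
        findings.setdefault(process, []).append(f"c2_beacon:{pid}")
    return findings


if __name__ == "__main__":
    for process, tags in triage(SAMPLE_CALL_LINES, SAMPLE_CONN_LINES).items():
        print(process, ", ".join(tags))
```

Run stand-alone it prints com.android.systemui with only wake_lock and com.karigaduvoto.leju with all three tags; feeding it the IoC rows and a real connection log from another run of the same family is the quickest way to see whether the family's C2 has moved while the on-device behaviour has not.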
Processes
Network
MITRE ATT&CK Mobile v15
Downloads

Filesize: 4KB
MD5: f2b4b0190b9f384ca885f0c8c9b14700
SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Filesize: 512B
MD5: d0c12320c1f701fd797976c15ecd07ef
SHA1: ddbe47c7cc5273c774bcb1431db52cf03711b0fb
SHA256: 9dc35cd06c0e193dfe6d6dcf02082e2ef2c0da13a720579204382c091dc1dee0
SHA512: d3432381ff7fb55c2896bd7960c1e98028c58679e9de4d1d525e139f128389e8d5c2a15fe27a0424118793f1827d1e95b4928f1895c1074860bb9cbba2951007

Filesize: 32KB
MD5: bb7df04e1b0a2570657527a7e108ae23
SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Filesize: 16KB
MD5: 221b77127702db8d6b1d9d10ea11baf6
SHA1: d4e336f7d746b99c33b4af42aa366796ac0f4c07
SHA256: afffe1de60f22b9deaafe7a30cbf40922296511b8122f6666f2c87ec2bce7ed6
SHA512: 54a422c6227f827eb60b5a82f52543dbc9cd3d328de0dee08a3b265ec471c63c24d4c3246578a54cfb1512a7cb89407f5beea696228c144f4fd407248b64f307

Filesize: 108KB
MD5: 55ea8f65bde71711b2a07338900ec676
SHA1: 5e60d333cb2611daebe43e94d8a7df6cabd6c0aa
SHA256: 34e9b8d0762c47a7e197cc4b7914c027ead76033e82b3e8045022932e4d56412
SHA512: 05f7dc380e54505f25b44511d162b9b58fc143ab3bf77bdb71464f4a8bba2a328d6c019790da8371ab742d7b3649703b447590314835571146cc6fd87ec038d4

Filesize: 173KB
MD5: d1359f3392bc1679041f5e4ab79b868b
SHA1: c03271a64855778d62f985f4822af92f2eebbcaa
SHA256: 70c047f9fdb87fc7955eb42b7df0f5350ab8ee66055dfa803b4b3a141bd40c30
SHA512: ce05de0f4556203f5a2954b163991dddbeab2cc44bbd61eef27a2b354014922eabac132c0973d8c71412ace9551373e9e7c421f09f5e6983fd045ad6127733cd