Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240221-en, locale:en-us, os:android-11-x64, system
  • submitted
    22-03-2024 22:05

General

  • Target

    7b2125a569736ad0f21671abc0532eb75825c62d1f66c02daeba9f7d6df14129.apk

  • Size

    3.3MB

  • MD5

    6655869d1d383f4dcfa50d1ce79400f1

  • SHA1

    5ca1d9317b46881d6d96e263c84be001be628b4e

  • SHA256

    7b2125a569736ad0f21671abc0532eb75825c62d1f66c02daeba9f7d6df14129

  • SHA512

    915fc72f92bdb1bef9b2103b65f553d4dc4099dc09c354f40dc2aef851bcaab9abab82c85e0ee3c3bce370c44b7abef2caeb85c3abda19c5c52bc357ccbdc355

  • SSDEEP

    49152:44dtlY6Fn6KZ/Pi3WD/CjnTxxooLvXZ+pYXs6lPhARlrkeHWD0uwAQb6qQdTh0gw:449YO6SgWD/CjnTzooDp+pYXLeGNaw1G

Malware Config

Extracted

Family

hook

C2

http://94.156.10.254:3434

AES_key

Signatures

  • Hook

    Hook is an Android banking trojan built on the Ermac code base and extended with RAT (remote access) capabilities.

  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs 1 IoCs
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    The application may abuse a foreground service (with its persistent notification) to keep running while it is not in the foreground and to survive the system's background process limits.

  • Requests enabling of the accessibility settings (opens the Accessibility settings screen to prompt the user to enable its service). 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Requests disabling of battery optimizations (often used to keep running in the background). 1 TTPs 1 IoCs
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs
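
The signatures above are what a sandbox observed at runtime; most of them can also be checked statically before detonation. The script below is an added example, not the sandbox's own code and not derived from the analysed APK. It triages the output of a decoder such as apktool: the decoded AndroidManifest.xml for declared permissions and the accessibility service binding, and decompiled source text for the runtime APIs behind the remaining signatures (setComponentEnabledSetting for hiding the launcher activity, ACTION_ACCESSIBILITY_SETTINGS and ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS for the two settings prompts, and so on). The manifest, package name, class names and source lines in the block are constructed for the example and are not those of the sample.

```python
"""Static triage of a decoded APK for the behaviours listed in this report.

Added example; not the sandbox's own code and not taken from the analysed
sample. Inputs are the decoded AndroidManifest.xml and decompiled source
text (e.g. apktool / jadx output). Both sample inputs below are constructed;
the package and class names are hypothetical.
"""
import re
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # the android: XML namespace

# Manifest-declared permissions that correspond to the report's signatures.
PERMISSION_SIGS = {
    "android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS":
        "Requests disabling of battery optimizations",
    "android.permission.WAKE_LOCK": "Acquires the wake lock",
    "android.permission.FOREGROUND_SERVICE":
        "Makes use of the framework's foreground persistence service",
    "android.permission.QUERY_ALL_PACKAGES":
        "Queries a list of all the installed applications on the device",
}

# Runtime API references that the manifest alone cannot show.
CODE_SIGS = {
    r"setComponentEnabledSetting": "Removes its main activity from the application launcher",
    r"ACTION_ACCESSIBILITY_SETTINGS": "Requests enabling of the accessibility settings",
    r"ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS": "Requests disabling of battery optimizations",
    r"getInstalledApplications|getInstalledPackages":
        "Queries a list of all the installed applications on the device",
    r"newWakeLock": "Acquires the wake lock",
    r"startForeground\(": "Makes use of the framework's foreground persistence service",
    r"javax[./]crypto[./]Cipher": "Uses Crypto APIs",
}


def triage_manifest(manifest_xml: str) -> dict:
    """Return {signature: evidence} for behaviours the manifest declares statically."""
    root = ET.fromstring(manifest_xml)
    found = {}
    declared = {p.get(A + "name") for p in root.iter("uses-permission")}
    for perm, sig in PERMISSION_SIGS.items():
        if perm in declared:
            found[sig] = perm
    for svc in root.iter("service"):
        # A real AccessibilityService is guarded by BIND_ACCESSIBILITY_SERVICE
        # and filters the AccessibilityService intent action; require both.
        binds = svc.get(A + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
        actions = {a.get(A + "name") for a in svc.iter("action")}
        if binds and "android.accessibilityservice.AccessibilityService" in actions:
            found["Makes use of the framework's Accessibility service"] = svc.get(A + "name")
    for act in root.iter("activity"):
        cats = {c.get(A + "name") for c in act.iter("category")}
        if "android.intent.category.LAUNCHER" in cats:
            # Record the launcher entry point: this is the component that
            # setComponentEnabledSetting disables to vanish from the app drawer.
            found["launcher activity"] = act.get(A + "name")
    return found


def triage_code(source_text: str) -> dict:
    """Return {signature: matched API token} for runtime APIs referenced in code."""
    found = {}
    for pattern, sig in CODE_SIGS.items():
        m = re.search(pattern, source_text)
        if m:
            found[sig] = m.group(0)
    return found


# Constructed sample inputs (hypothetical package; not from the analysed APK).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hypothetical">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS"/>
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <application>
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

SAMPLE_SOURCE = """
pm.setComponentEnabledSetting(new ComponentName(this, MainActivity.class),
    PackageManager.COMPONENT_ENABLED_STATE_DISABLED, PackageManager.DONT_KILL_APP);
startActivity(new Intent(Settings.ACTION_ACCESSIBILITY_SETTINGS));
Intent i = new Intent(Settings.ACTION_REQUEST_IGNORE_BATTERY_OPTIMIZATIONS);
List<ApplicationInfo> apps = pm.getInstalledApplications(0);
wl = powerManager.newWakeLock(PowerManager.PARTIAL_WAKE_LOCK, "svc");
startForeground(1, notification);
Cipher c = javax.crypto.Cipher.getInstance("AES/CBC/PKCS5Padding");
"""

if __name__ == "__main__":
    for sig, ev in sorted(triage_manifest(SAMPLE_MANIFEST).items()):
        print(f"[manifest] {sig}: {ev}")
    for sig, ev in sorted(triage_code(SAMPLE_SOURCE).items()):
        print(f"[code]     {sig}: {ev}")
```

Run it against `apktool d sample.apk` output by feeding the decoded manifest to `triage_manifest` and the concatenated smali or jadx sources to `triage_code`. None of these hits is malicious on its own (legitimate apps hold WAKE_LOCK and use foreground services); the combination of an accessibility service, a launcher activity that the code can disable, and the two settings prompts is what matches the profile above.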

Processes

  • com.cowukajagobulise.sabo
    • Makes use of the framework's Accessibility service
    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4706

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.cowukajagobulise.sabo/no_backup/androidx.work.workdb

    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/data/com.cowukajagobulise.sabo/no_backup/androidx.work.workdb-journal

    Filesize

    512B

    MD5

    708eeb4ca8d7ebc6daacb5de4f76b94d

    SHA1

    8b7916d9084171785bebd7d38bb26f3a0e270a65

    SHA256

    f0328be62c812b4284bac1a733b43faa067991aad231203053e8c9e20e990d18

    SHA512

    e6efaf5bfc502587560dfe9bb11a10c1189dabff22374f88b79c6fc353b206fc1b6b229f6f41d8378247eebaf7903f0468804651133c15f3604648f574490310

  • /data/data/com.cowukajagobulise.sabo/no_backup/androidx.work.workdb-wal

    Filesize

    16KB

    MD5

    836b0dc93e0f12562e7ac38ff8566d90

    SHA1

    b8baf51696f8cea56e8ea49d6423c99ed2bb914e

    SHA256

    bb3b2cdcff10cfbc636384b35df6ac9bfef06962023b451b0d1c2e7e3e870fb4

    SHA512

    095fabcef2f0de9396c101e55461fea35c370dd17524a580fae7498480f8d2e3fc4f9e5213674f090206fb5449b45457c69882b81736a2d67a387b265f559f66

  • /data/data/com.cowukajagobulise.sabo/no_backup/androidx.work.workdb-wal

    Filesize

    108KB

    MD5

    62c463d5cb9a437f83b5f24640538314

    SHA1

    8f1c910c8ea3987827fbb1e4146e2cfa7ad72f90

    SHA256

    cc143c152d442b11a163d74742a57039e704e8e787fb489023f1d0b003f162bf

    SHA512

    082b650fd95d7f17986e218dab88938a93b95dde7a5ce3ca169fdacdf336cb06fa105f070a5eb0b643769b6f3612f6a9aeda1acbe7207a17b767468511164ffa

  • /data/data/com.cowukajagobulise.sabo/no_backup/androidx.work.workdb-wal

    Filesize

    173KB

    MD5

    39ac01cbe1107692526f0406449b49d9

    SHA1

    0eae135ba4dff0090e7d10a9e779d1c4ed9fcb13

    SHA256

    ec47fc1be84cb365c7d6f0551c509a468b5d45d60274c38df113c6c6b1ee9d31

    SHA512

    b60aaa0a4629468fe8d5d2abbedc78a885b3c1621bebc9a6d20c5bf0709b10daab9b607866e7d644c60a009ce2588bf310af8f5d695ffb7b86f4c182c8eb8429