General

  • Target

    645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52.bin

  • Size

    2.8MB

  • Sample

    240324-1w8yvahb33

  • MD5

    375b10c55c8cb7b29524fe417d243396

  • SHA1

    52be64e2b7813ad5be64698fc15f9a58de89b904

  • SHA256

    645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52

  • SHA512

    b9257eb55c6265f6f97cfe118f677e57cff66a2ccbe39a14442218ed3a5d489e5c21a89e4e4df4805f515a204e9f3fb0ad580b1e05f063aad1969ed47040b1ff

  • SSDEEP

    49152:ver8veugaZqoQdIU7MIVZz9AAFGpVc1KjrTCnsby0tCWelLpG/Xx3g/g8:ver8veu9qoQdIU4yqKKn9Vt2AXz8

Malware Config

Extracted

Family

hook

C2

http://109.107.182.168:3434

AES_key

Targets

    • Target

      645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52.bin

    • Size

      2.8MB

    • MD5

      375b10c55c8cb7b29524fe417d243396

    • SHA1

      52be64e2b7813ad5be64698fc15f9a58de89b904

    • SHA256

      645009f54f905fc1028e14d6277f554b7488a554ae1ad23ab178b912956e6f52

    • SHA512

      b9257eb55c6265f6f97cfe118f677e57cff66a2ccbe39a14442218ed3a5d489e5c21a89e4e4df4805f515a204e9f3fb0ad580b1e05f063aad1969ed47040b1ff

    • SSDEEP

      49152:ver8veugaZqoQdIU7MIVZz9AAFGpVc1KjrTCnsby0tCWelLpG/Xx3g/g8:ver8veu9qoQdIU4yqKKn9Vt2AXz8

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Acquires the wake lock

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks