Extracted

• • Target

    c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6.bin

  • Size

    3.5MB

  • MD5

    447868eb6480e83644df360ac8cb42ce

  • SHA1

    500c2b6e50511afcfe385a68bc279d2549894abf

  • SHA256

    c3091c704358f7b326543e9304499e2e5f1e27fcc43d84750c48fda232e37ee6

  • SHA512

    f439c758ef63151d5b012479268dca13c63229dd6e2a064ad46da227aeb4621f0021e3135c02aec4c8ecb1580a955da2d47bb1cc614aa7ca0466027ed8d3a518

  • SSDEEP

    98304:1B5GqqzNIClptDm9P6boJtD15qZ3O+BsaojFuf:HMLH3tqP6boJtjjqyI

  Score

  10^/10

  hookcollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion

  • Removes its main activity from the application launcher

    stealthtrojanevasion

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Requests enabling of the accessibility settings.

  • Acquires the wake lock

  • Reads information about phone network operator.

    discovery

  • Requests disabling of battery optimizations (often used to enable hiding in the background).

    evasion
  behavioral1behavioral2behavioral3