Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2332e3ae6a...93.apk

android-9-x86

10

2332e3ae6a...93.apk

android-10-x64

10

2332e3ae6a...93.apk

android-11-x64

10

Analysis

  • max time kernel
    41s
  • max time network
    159s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
  • submitted
    10/04/2024, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2332e3ae6a6661124bb0c8950820008228b414164bdf285e6f72b21eb5f8a993.apk

  • Size

    2.8MB

  • MD5

    8ba409dc270b99a9d3cf027131f6a3e8

  • SHA1

    e1a56c0a7023aa3d046e04ce818a27f127986477

  • SHA256

    2332e3ae6a6661124bb0c8950820008228b414164bdf285e6f72b21eb5f8a993

  • SHA512

    acad52afc4e8dceae8e0202cbdf05270dec1ae136473fae3f7dd09c3ff26900c93ed0338da1f2a138abcace24693ce57ddd2c31a058befcf04dec0879c935d51

  • SSDEEP

    49152:OB2icoHtrPki1US8fId8R9Ra9MIoImb+o3dm3PXEA3hnoXivlzp/Xnkg/fr:OB2icoNr91Zr8BTIopbBNmf0ACXIpX5r

Score
10/10
hookcollectiondiscoveryevasioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://91.92.254.225:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 2 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasion
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device. 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device.
    • Acquires the wake lock
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:5029

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    15f3c83f714266ee9164c89d6c7b0e60

    SHA1

    4514c41a2daacc80498d5bbb2e326b8a5f31974d

    SHA256

    84f3c2535aba2591468d892e692773f8a0f74f62fa1a3b8a97d6bb7eddcae8d3

    SHA512

    3156aab4da8363fdb0514ba64122b11809236716e7edd1a10a85a3407de9b1d3990d7535bd7bbba92c1002dd7aac975e6c380fc2a1b0a6f3d5f02faedd10f55e

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    17353b9ef4cf7a9b159bbf42863c3d9f

    SHA1

    0dffed6472964772b15ebd991eeebd13508ece05

    SHA256

    29289a930d4fc6f86ba105dc6f2c8b29a130dad965eda64ffce68409d0094ee5

    SHA512

    ce68ad829fcead7bc5bee316a9530c2c4dbc1d5669143f69e27e56542b521f6af39b754d49b7d5969dc4c3020a7eea6020f8536491ee093a52e73057ebcd1748

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    09d9a12a51b8fd601d85334a4e74c1cc

    SHA1

    2d16424aec41c987e4589f3e5b8b5071794f3cff

    SHA256

    8bb02475065f43cee7e09dbb41bae6b492b03d7234b516ecb83c784b3dfa46a3

    SHA512

    52a48e96fff308e74a7ae40bed06a46df7723135d843932c6de406046e9a84964b4c99d3cd480a7c79e1a1aadcbec23fe411f931eb165c1dcb76f8551e8a5c46

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2b7a391b8824d3f25fabc3875191f2cb

    SHA1

    12bd34c313be77bbf497940af9f9035bebe6c995

    SHA256

    90a296cd4ee5c4cf7ff8101843f14c8f9515672d7be1a3d1b81b7244bb68c49c

    SHA512

    d4e5e1a0312926e439ca1f7abe43a618f6fd2bddbba591d126d05cf569f1cea547b02ef46d13fa2889da434ac75aa686901f79d3ef555a91d842a95001f4c4d6

    Download Submit