General

  • Target

    8401f87e90c842c540c3298dcea49595bfc484da3de1a2696a809687ee59de75.bin

  • Size

    4.0MB

  • Sample

    240430-1x5yksgg9w

  • MD5

    de1b09e47afa84ddf55bfa3436d9769a

  • SHA1

    34079f50ac7d78d800137adc4bf6e46faca90210

  • SHA256

    8401f87e90c842c540c3298dcea49595bfc484da3de1a2696a809687ee59de75

  • SHA512

    f1104f1f3197675633f656da0c726bd28eb79220a831a5eef3b3ac01fb148d79c98a07a3cd9f28dbd8062b87a58b88dac3654dd46bb41f41af0dc2242c190d01

  • SSDEEP

    98304:kbOl88NNj1I/CLZjvVQRySr1pcdxkQp/p:tTNV1g6ZjteyAvkxJp/p

Malware Config

Extracted

Family

hook

C2

http://193.233.196.2:3434

AES_key

Targets

    • Target

      8401f87e90c842c540c3298dcea49595bfc484da3de1a2696a809687ee59de75.bin

    • Size

      4.0MB

    • MD5

      de1b09e47afa84ddf55bfa3436d9769a

    • SHA1

      34079f50ac7d78d800137adc4bf6e46faca90210

    • SHA256

      8401f87e90c842c540c3298dcea49595bfc484da3de1a2696a809687ee59de75

    • SHA512

      f1104f1f3197675633f656da0c726bd28eb79220a831a5eef3b3ac01fb148d79c98a07a3cd9f28dbd8062b87a58b88dac3654dd46bb41f41af0dc2242c190d01

    • SSDEEP

      98304:kbOl88NNj1I/CLZjvVQRySr1pcdxkQp/p:tTNV1g6ZjteyAvkxJp/p

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Removes its main activity from the application launcher

    • Checks CPU information

      Checks CPU information that indicates whether the system is an emulator.

    • Checks memory information

      Checks memory information that indicates whether the system is an emulator.

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Obtains sensitive information copied to the device clipboard

      Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    • Queries information about running processes on the device

      Application may abuse the framework's APIs to collect information about running processes on the device.

    • Queries the mobile country code (MCC)

    • Queries the phone number (MSISDN for GSM devices)

    • Registers a broadcast receiver at runtime (usually for listening for system events)

    • Acquires the wake lock

    • Reads information about the phone network operator

    • Requests disabling of battery optimizations (often used to enable hiding in the background)

    • Target

      amap_resource1_0_0.png

    • Size

      24KB

    • MD5

      d9e612e434d8ca593ac46be40ba60728

    • SHA1

      5c306bab17293463b336017e4c8d4259a35795e2

    • SHA256

      89a8d43f11c1c61827938c9b81b8ec165f87e9cf65d07e7b8e10ab5796ac9984

    • SHA512

      e78b351826e91c0e4500ae768018274c99fc283d8f083289d19af661eedf7bda6c685d655dd8a1cef70bc2937fec4e5b91b40be13b9047848aa5322370f61968

    • SSDEEP

      384:cNxY1sTiUwgYBsutSLGHIjJyo6oAJUXBnym:YxY1sGgitVoQoAWxd

    Score
    1/10

MITRE ATT&CK Mobile v15

Tasks