Overview

overview

10

Static

static

10

1c2aa3d2a5...34.apk

android-9-x86

10

1c2aa3d2a5...34.apk

android-10-x64

1

1c2aa3d2a5...34.apk

android-11-x64

10

Analysis

  • max time kernel
    19s
  • max time network
    155s
  • platform
    android_x86
  • resource
    android-x86-arm-20240221-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
  • submitted
    01-05-2024 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c2aa3d2a5447dcde6a048109dabd269ecc3aed19053fc6feacda31c69c1ed34.apk

  • Size

    2.8MB

  • MD5

    32e4a416df3be94085d5d759f4c30f33

  • SHA1

    494cf06282b76fdc892ccab1e8d94bae4995e3bf

  • SHA256

    1c2aa3d2a5447dcde6a048109dabd269ecc3aed19053fc6feacda31c69c1ed34

  • SHA512

    ab69dc9c96b79b16575d46a0ebd70cdc8f41cb0c8729957b7d5bba9be43505a274176fe4bdf62981e07d477a445ceeb39868578376dbe154c013376386d86f6a

  • SSDEEP

    49152:v0vp81hRdDuxm5p6DlktE3/RVEGFOZqOelEC0VQL+2ho/QrFi9j1nsLyDXgXg/81:v91hRUxQpIlaEZlFkeSCQQi2ho/T9j1Y

Score
10/10
hookcollectioncredential_accessdiscoveryevasioninfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

C2

http://54.36.113.159:3434

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4225

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    d2e7e9eb74179897589f2cf386982174

    SHA1

    3fb02fc66a180820954f3f3141da69f7ef72f3d8

    SHA256

    f6d56e01a8f88ef6603e1adadb91d79ae0aa381ddc2cecef59799b077b64ae50

    SHA512

    98ff38fc010a7a6be6632da75c79a0a6bbb85b812ca08d76d4f53b6a82813e2b0140e0296d34c6091a0278ca9b5e5c6d9b420f58d00d6ed3f140291dac63423e

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    aa660ab768043b5a766fbf68b2ce31b5

    SHA1

    c47fbcb5548aed150c8584006b15a66ecf610107

    SHA256

    2c6264b3ea49229adc08b1aae77d76e985c030ab6039035bdd14d539a0b1c63b

    SHA512

    fbc3f155c1af79a85e04f3833a123e39c6f1159a68e80600c1b950b9cc4a84799e82ecdd7a179c589628d85cf49f3ef5395b09729a94ccc592e6d2c822b7632c

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    23e67463c54f59d3e4ffa0cf53833879

    SHA1

    8af8882d135aef1a0ed69836be9e83aafeb1809a

    SHA256

    02dbba2f925f1d9ca02a1e6e39f2a45a7885c2ee3e00a929e877b59a9bafbe5b

    SHA512

    74f109b98c6bcdeccc1983cdeca39eb23eb713ec7bfbc4995ef0e7731805c477fd321fd2274b0d234d7a2120da48392a433010cd14f602d68821871ffbca2eae

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2958892a5abb98a9b9c66a3675e5a5ca

    SHA1

    86f2a42f5552b3961de6629235c4345096578eb9

    SHA256

    4211fa426ed15bad0244c5a06edc367aa8ba47640c236afac4da3c785e1ef92d

    SHA512

    abd27a47986166ff550f098cd8b100e688e17f3d94959f75caf7911f40c22284d02ca18f9f80edfeb3750ef7c2514b30a2001ec28d0f1663db246258a1ca5e85

    Download Submit