Overview

overview

10

Static

static

10

1c2aa3d2a5...34.apk

android-9-x86

10

1c2aa3d2a5...34.apk

android-10-x64

1

1c2aa3d2a5...34.apk

android-11-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
  • submitted
    01/05/2024, 22:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c2aa3d2a5447dcde6a048109dabd269ecc3aed19053fc6feacda31c69c1ed34.apk

  • Size

    2.8MB

  • MD5

    32e4a416df3be94085d5d759f4c30f33

  • SHA1

    494cf06282b76fdc892ccab1e8d94bae4995e3bf

  • SHA256

    1c2aa3d2a5447dcde6a048109dabd269ecc3aed19053fc6feacda31c69c1ed34

  • SHA512

    ab69dc9c96b79b16575d46a0ebd70cdc8f41cb0c8729957b7d5bba9be43505a274176fe4bdf62981e07d477a445ceeb39868578376dbe154c013376386d86f6a

  • SSDEEP

    49152:v0vp81hRdDuxm5p6DlktE3/RVEGFOZqOelEC0VQL+2ho/QrFi9j1nsLyDXgXg/81:v91hRUxQpIlaEZlFkeSCQQi2ho/T9j1Y

Score
10/10
hookcollectioncredential_accessdiscoveryevasioninfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://54.36.113.159:3434

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Removes its main activity from the application launcher
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    PID:4450

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    09a1316a5b6f6fa0e0caa8d0d27a3a61

    SHA1

    19ce71c72cecb05c89a761419fe19dc0944ac0c3

    SHA256

    54e8ab156781a3eac9a9fe8f937ef2ad032fe36e59ce715818e70f6b554fa0d2

    SHA512

    7c80cd6cb627df5b2ac5d732c9e44adc92b6da5affb96b17c0b89e854e312d1191994607b299ed1565318d7379d2d48971ee95ec420436b2dbf56312c03e4729

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    d4f26ea0eaf8b6ed755d94ee73be7ced

    SHA1

    67b08f3c685dc7910d9719148bbd49e2c1444e30

    SHA256

    1a3a3af42aa8ec93fb65a9db7c7a03ba05aa9d4b29dc265967b7d8c7b0a54ccf

    SHA512

    906695522eeb10f3ec83c8b4b8e81f8c2c466335555b631eef5ca01f00cc7f4b1c0d03ce4424da7367d7ef6ad0b1b324b4ed6f5dea7d26b7697c68ae50bd6150

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    13cbbd73f7d0effbef7fceed831dd3bd

    SHA1

    932004b92d2e3b78f00152cd13febe6df0677b32

    SHA256

    7dfad53b51c409121ae7e5e47405a0eaecc554e7c6a19393094b0e5aa8594b10

    SHA512

    88852db94b88d8dbbe8617e942d0f26245075e2161dcaa39264738fda6618b1612ca353a8d8f662de6b9ed068c4d3371916dd45a34f6bacaec03d8e198fee7d9

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    0e349ad17223ebfe083598e5a7027c38

    SHA1

    70408f6cbbc06c437369aa2acdcbeb384ce8b757

    SHA256

    2b83e2f38a8271a73725cc6a918a1d0cda3b77ebefcb49f20d3a7c599ab961a8

    SHA512

    5ac3c0f397a71997714f83a1a3c1bac6a70249c5eb3b6ee6417d1ec9de368b6f916706d71cad5c6c52389b61388516fd80a2652f87a335130014c333cdc0f3ea

    Download Submit