General
-
Target
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849.zip
-
Size
2.8MB
-
Sample
240519-bc5dwahh2z
-
MD5
cfc3f2ec53e85a24fa3d571813e0f3eb
-
SHA1
8f9e04dd0fe6983656104e1370355f4f5e2c4e8e
-
SHA256
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849
-
SHA512
3248a029e2bdbee11944d7a741dffc58441c72562d1289a944b9be4060fba9316b6cbf2ef79e14cb225b275c91360e26a45104a03c61deeb254bf7ae8ab82ff8
-
SSDEEP
49152:VkZVG8LFLBeO+roHzvHIIplok5lEcEnVeosdqyzHeXboug/Tf4:mZVXLFLBedEHrHrGkoZVeomqybeXbC4
Behavioral task
behavioral1
Sample
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
hook
http://185.196.8.112/3434
Targets
-
-
Target
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849.zip
-
Size
2.8MB
-
MD5
cfc3f2ec53e85a24fa3d571813e0f3eb
-
SHA1
8f9e04dd0fe6983656104e1370355f4f5e2c4e8e
-
SHA256
03fd36208bb97fc01abd39398b4b9cbd9085bbd5ed14bcb91fd7866daeb82849
-
SHA512
3248a029e2bdbee11944d7a741dffc58441c72562d1289a944b9be4060fba9316b6cbf2ef79e14cb225b275c91360e26a45104a03c61deeb254bf7ae8ab82ff8
-
SSDEEP
49152:VkZVG8LFLBeO+roHzvHIIplok5lEcEnVeosdqyzHeXboug/Tf4:mZVXLFLBedEHrHrGkoZVeomqybeXbC4
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
Process Discovery
1System Information Discovery
2System Network Configuration Discovery
3System Network Connections Discovery
1