Overview

overview

10

Static

static

10

62b51a1317...47.apk

android-9-x86

10

62b51a1317...47.apk

android-10-x64

10

62b51a1317...47.apk

android-11-x64

10

Analysis

  • max time kernel
    78s
  • max time network
    151s
  • platform
    android_x86
  • resource
    android-x86-arm-20240514-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
  • submitted
    19-05-2024 01:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47.apk

  • Size

    2.8MB

  • MD5

    28c1720427cbbd5358a817b609301c7b

  • SHA1

    d9010acbe6bbefb9dc7ffbdd17b5196e9d020814

  • SHA256

    62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47

  • SHA512

    c57ec88f1e78284bca904b1b6ad8da676f5a0162635b1970e64096e3cef938d8c3b2b2b4cc089404f2532d0162b22d175a5081f736c60a0ae3c831cd17482c2b

  • SSDEEP

    49152:ZLYhvMfJpLF2fjvKwux2Qot8J3fXE469WZmEk/Xx3g/44:ShveF27VO2Qot8/6wZmEuXj4

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4314

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    ed7d1be89e71ba72846269ce54eeab04

    SHA1

    f52b6c9fc9261c40a4c89c8d63ee82b0c32c2f76

    SHA256

    7de9e7503d361ff3ca10208d1d292248d54fc4c800231db7ac9ed8ec86836a7f

    SHA512

    7af34f6ba5738e1ed7ca646542196b9a9379145464814cce9e3914d47b446d4ecf59314505a8db85dbdd50641fda9829e6062fbe4fc27505dd720cf067da7a13

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    769f5cdf169797eb9c07ccf8e89a4bf1

    SHA1

    e4ad540283812a5301cfbaec1811ebdcf549c31e

    SHA256

    ab164088f82a048316744ee8dec151fa6e161c129691c6a933a7e717777f166e

    SHA512

    c0da3e59f213565cc2438277543c1c1c529388ba54445ef39cf53dcd1137a91bf629504e7117aa8e13a4c29bef0c67aee2b48c27a114a4aa5fc26defaba56f6e

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    9c1022155973784908c20f7567116f99

    SHA1

    e4baa945b477d9bd66dab651d019f4f22d56ad4a

    SHA256

    05c50c575f67d6a367276f3b48c248181a3fc9df9d5c985a2c30feeed394ce5e

    SHA512

    08d79b7b648db05f3c0ca89cd733f67004e63e969de35b759394de78e79dd2fb0889f81d33547077115a080185670d176a0d33cdbda7f95189c326fdbbfd806b

    Download Submit

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    2ef0da43007c0a14a69585530ded3014

    SHA1

    656c63280d95ad731172e14183fb54dd1c19cb3d

    SHA256

    0a569ab0ed593a60c037643c4b6504f266b49a37f0f625abc63556fcbee0aadc

    SHA512

    ec24a6680190046f36f1bca5712701b93948b2b46a5b3fc4dc4453869a5d9bb6910e52183ea4823a712a4f9babc97e7f9258fd6f254e8acf81c59aac7053c560

    Download Submit