Overview

overview

10

Static

static

10

62b51a1317...47.apk

android-9-x86

10

62b51a1317...47.apk

android-10-x64

10

62b51a1317...47.apk

android-11-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    186s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240514-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
  • submitted
    19-05-2024 01:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47.apk

  • Size

    2.8MB

  • MD5

    28c1720427cbbd5358a817b609301c7b

  • SHA1

    d9010acbe6bbefb9dc7ffbdd17b5196e9d020814

  • SHA256

    62b51a131747e8e416bedef0fd3c32cef055e33ba8225f6c174951c8b14fbc47

  • SHA512

    c57ec88f1e78284bca904b1b6ad8da676f5a0162635b1970e64096e3cef938d8c3b2b2b4cc089404f2532d0162b22d175a5081f736c60a0ae3c831cd17482c2b

  • SSDEEP

    49152:ZLYhvMfJpLF2fjvKwux2Qot8J3fXE469WZmEk/Xx3g/44:ShveF27VO2Qot8/6wZmEuXj4

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Prevents application removal 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to prevent removal.

    evasion
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Requests enabling of the accessibility settings. 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Prevents application removal
    • Makes use of the framework's foreground persistence service
    • Queries information about running processes on the device
    • Queries information about the current Wi-Fi connection
    • Requests enabling of the accessibility settings.
    • Acquires the wake lock
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4608

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    c377236e9327a5397a0de1a366682224

    SHA1

    2bea812cca096b8d282086b2fc4cdcd4c8730c67

    SHA256

    c701dcb0487e76d80be9dea455689d9f0ce50bf658126e41d16afe413383ebec

    SHA512

    47e6789ae48dd158790a7d8123880c95224ae132d842fb82455c8d734ef123b1d27794e4b3c4f85e70155d99a3d3231560e598982fca7ba323ff114462e7e88f

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    251c4a3bcc872823d6bd22507238f2b4

    SHA1

    24b2ff31b76bf0dd1abb6ec1ceaa803dd2550e16

    SHA256

    602a922565411442becf34e119cd6e2094faeeb58972b850f728ba8fd360b48e

    SHA512

    ee3274fe6e78734f7f6b27119391759f107727468de01c2ec88119e9a97f7d0e6ec1d11ae39455ecf436737c2c74f3db00ed7cf10b906e1b06a6a27bae47993d

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    392a831b23817186a252e8a2238fdb3c

    SHA1

    c05b7b5f3160a8fc5a7b4edf1fb0f295ba319622

    SHA256

    c12ff417153945484d82a63e17f18377da29bb0c98479ab3121006a7004ec53a

    SHA512

    3df47eeca9734f6b65337338a37c2ab1837b96d56adf1593c33762efc7287e73fdb3aa1ff71087efb00f7181657247c1ded1e060fc941b029a0028a0ac5760ed

    Download Submit

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    8ec2211e9b4b70d2c6af9e5bdface5c4

    SHA1

    be98229d131f352d335f902255757d309e4fb69c

    SHA256

    7db5edeb2608b9a9d4b7bfd05ae4f645e3b2255575972a49751128d72997667b

    SHA512

    63f70602ea34c1d9e57a4c74536cfa4ad1c9cafb26a7e6762aa786f35ad9d989878408af558c8534a232060307800c55f5c691b80c58fa0c3a5e08b727076940

    Download Submit