Overview

overview

10

Static

static

10

9073568a18...ca.apk

android-9-x86

10

9073568a18...ca.apk

android-10-x64

10

9073568a18...ca.apk

android-11-x64

10

Analysis

  • max time kernel
    179s
  • max time network
    170s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    14-06-2024 22:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca.apk

  • Size

    3.9MB

  • MD5

    c4c311915dd408fac880507dfb257742

  • SHA1

    d94dd0f7f95254eb7fc0be983007c136a56c9684

  • SHA256

    9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca

  • SHA512

    25a2723ea4a8e8d0a8dc9a7bce5b099ba97809de286313bd77869b89a42042b2f8ac50f95542afc94ea2d2e9b0ad9e22105b46ed6fc428fa53b140191035fd9d

  • SSDEEP

    98304:sFOWOm3i/0E6/LkCwGG4ZJ8a96F8UJ3SCLaaiNS6:sMPQFTgGG4R90DJ3WNH

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

C2

https://ws.lookonstars.tech

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5125

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    62be0b33a9c2d40e508aec4397c61057

    SHA1

    1044e2b8bd8b85a169b3f2a1abd1feb0b6b371f2

    SHA256

    c3a3bd7eb5eee5a7a048b3350e4b3713ce73b0b600d154a4934cb1054305dd64

    SHA512

    40e84f6438da62b5dd8ec962d6c0b71d338e191a04170a12d54b95239ccf736b376be3a60b6f34bf7a6e88232b6e1e540971bc9fb850ac86153a7c371e8e6ac6

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    6e5ef57fcd4c518c5d6d3cf41580f43f

    SHA1

    d2f132a4aeca0bb559cd8acd4377728f87e7e685

    SHA256

    0c3a7cfdf67c025f27faad3cd33b5670e81ad139c6f9b4a51552d3509d5e7c91

    SHA512

    8e8e8a2ea2f842e5287d5b8abbaca43b92391434356d3d5fdd2d48ac06fda9f60e6ea04b3364cba1a81a25c3ac034af11c4539d682cf4b67972be50f3db6db8c

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    2a2bf18060a5a07bc02eef28b644fb38

    SHA1

    81e79cf0306c106c61ba61abebfef21108decd63

    SHA256

    773885c86e925d309a901101da5023ccd252fc5aaee9253be53b7e4aebf4ede8

    SHA512

    e9df876e881c2d718b91a70d20e40a5b8bb38adf127e9fe8320b3c02d1ebb11e4dfe4521146e54deb8bf310a94567d19f365eb01a52f442480e43d3329a9b30f

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    e45928e80191aeded38c78124ce7dac2

    SHA1

    2820afc517b4258141d1640722c9069914233186

    SHA256

    fc290a453117812b0e88b63355e3fd3cea9d56fcd47c0314c39344221f21caf5

    SHA512

    58c4dc70e36853873cc57dc1f1496a941f7e4e5b5d6aaa7fc8aed62676b3d8ddacc4e439982a40c656db793b8f6c685f178a4fc2565598fc54555e28c8768a9f

    Download Submit