Overview

overview

10

Static

static

10

bda689dc65...bc.apk

android-9-x86

10

bda689dc65...bc.apk

android-10-x64

10

bda689dc65...bc.apk

android-11-x64

10

Analysis

  • max time kernel
    43s
  • max time network
    181s
  • platform
    android_x64
  • resource
    android-x64-20240611.1-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
  • submitted
    14-06-2024 22:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc.apk

  • Size

    2.8MB

  • MD5

    c80ed953c2a8c2d67c197fa9e511185f

  • SHA1

    105ffa3299174c9392c14c62be88a19062cb9b10

  • SHA256

    bda689dc6532b4978c5a97a87c2acc3cad767489414bbebbafe1325d03132fbc

  • SHA512

    6d7e20047e21e3c4f99fcfdf78f90afc6c519490b213ee477dff349b4db6c219f80ed758df3240cb537e16fa4b80050a84352514882c4087fe16338394ed2a86

  • SSDEEP

    49152:GmL5UYOjHbx3MRZWIfDE3kHn1keRuKfJBhWzhMBQV2v7N/snmZUXz3g/9L:Gm9Qj7x8RZpDE61kezhWzhMLTdsJXEL

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

Malware Config

Extracted

Family

hook

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.tencent.mm
    1⤵
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:5045

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    633670c73ffb7a6c7a610b1d91a9fcb6

    SHA1

    a6522d23be329e6e47c05b8ffe1ac52cb8b6bc66

    SHA256

    95c985e6d96f86f5ef63c78dabf9d569d95d01a71e7b0192483725f1e0857349

    SHA512

    b474d0fe13c3a67766ec14d2ef9ee52e36bbb13b96a6d75ada4d913a6fc5ff48da5c9cdcd652f8a0e850f066bb35f5a012dda69172b1bb4d2f216442741f9430

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    25844ca377552554a5c79ec3aceda778

    SHA1

    6cb2615033beb1961c10c3cb7dabb19d5fb7bb50

    SHA256

    6bb70018c6a3f881742d567a3334f7fb9374871b09b50f13667e07710e0f28fd

    SHA512

    c9e559309f4809dc058c0f17f26dd79b5f15543e343726dec555b9e12cf6b5d459f9850ecd29923bdd87938963fd27aa07756fe88737a8b3cec0e7a0132f436a

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    770acae92f7101b4cda146001e3b0ba4

    SHA1

    b9ad24f9e898f757d78832555727845d84cf4a04

    SHA256

    1e7602541ecbd12eb42bf99b2f3d2c3897af3914ad5fa7bc6460f70b9563fb99

    SHA512

    dfca044da57aeeafab50ff68e1a0ca698340a31250d7175b1858e8197936bd0e207d3577825d2295054f583750cad0fa6fbb3fabc876a092428e4043b0c401f1

    Download Submit
  • /data/data/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    0b0e9cf1f436855b057630edab65c114

    SHA1

    77cbc022f763a704d7dec17003b71bd62c653c65

    SHA256

    15d5821fd90bd1bec62b10146c1327974d8bace96747dffb009630f843fa38a3

    SHA512

    31fbe2287dc3c537f942b360ca1b40b2576c12761efe50281d74cf554a9fd801763f7bccb656b66bdc8acf261a034f6d65c995bafd60fc5ea9adb148ce4ca818

    Download Submit