Extracted

• • Target

    2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956.bin

  • Size

    1.5MB

  • MD5

    b8a90d312d6d9acaa2ebcec019968126

  • SHA1

    558dda73e42412b4bcd122557f2d4ccde8a2a0c1

  • SHA256

    2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956

  • SHA512

    3a9192cc3cdf0d7d40b3daac1cb94d5fd47dec401936ea598bb5f36c03443a42ad7ea056ce4dd451ebaec1ba4e6d36c776db9b9d111a86eaa341f3ea9f13b6bd

  • SSDEEP

    49152:yNegqYuOhCwDsH1q5eIU/soZwnmNBIUdH:y9u4V7X2sijNzdH

  Score

  10^/10

  hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Loads dropped Dex/Jar

    Runs executable file dropped to the device during analysis.

    evasion

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Obtains sensitive information copied to the device clipboard

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery
  behavioral1behavioral2behavioral3