General
-
Target
19233c714b168ed889bc3132322b5214.bin
-
Size
899KB
-
Sample
240620-blcp8avejr
-
MD5
061a9e01321dd8d2f11925d495c6347a
-
SHA1
9ffc63d276091b8cd54e5e68b206d05b4ae0bff7
-
SHA256
e26bc7563731c54e46b89bc725cd15ba848fd59a5f9aeac2e8b0bbc654d2fed6
-
SHA512
58344c41d9370db580359392524c7f8b3e415fa0ce3f1d6200e30dce222b2aec1e026669086ca7a444fc75213f3e7bb28273eada36a66fe710ff1342fa13f4cf
-
SSDEEP
12288:SK9q9IN4sz+04bXSgmONgtCIzNczKnRAqK6XwfJD1Sr/DD:SK9q9IGsC0BTOytFzNc+nRDXgsHD
Behavioral task
behavioral1
Sample
c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44.apk
Resource
android-x64-arm64-20240611.1-en
Malware Config
Extracted
hook
http://94.156.65.236:3434
Targets
-
-
Target
c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44.apk
-
Size
1.1MB
-
MD5
19233c714b168ed889bc3132322b5214
-
SHA1
36bff66bb8acacbf57dc44bf139fc1099bf0a121
-
SHA256
c5c5a99fb79efb383586ed7f7e16419dbb2b02a829aa0f976eadce9581edba44
-
SHA512
ee9071f50fd68554089f72fa181f96e0bdeaf9f601ef7a75a583c84c4aee28314ab30c2096a076a11e8f2144cbc5033b1c3060b503db72c6cd806e8eda00ba27
-
SSDEEP
24576:rBRCWXTcC/roY/8CyYApbOU4W6G/ojh0Pg/XLEh:jz3GyU4g/g0Pg/oh
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests enabling of the accessibility settings.
-
MITRE ATT&CK Mobile v15
Persistence
Event Triggered Execution
1Broadcast Receivers
1Foreground Persistence
1Scheduled Task/Job
1Defense Evasion
Foreground Persistence
1Hide Artifacts
1Suppress Application Icon
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Discovery
Process Discovery
1System Network Configuration Discovery
3System Network Connections Discovery
1