Extracted

• • Target

    29a405c5150841778eeb1d9e1b00a8cae0a771d6255e14fa02ac4211729d4352.bin

  • Size

    1.1MB

  • MD5

    65b47229c1ed0d9548764c627467c6cc

  • SHA1

    9803c568e03d54ac23fdc4be67288046e228d3f7

  • SHA256

    29a405c5150841778eeb1d9e1b00a8cae0a771d6255e14fa02ac4211729d4352

  • SHA512

    811d54a3bd8b691bb8a95a97b1ef9625e598997ceb73fcbac912628cdd5aea2cb41592cd5adcaad86adb50511d9cc92b096843f4c349bd5a8fce85d451eca2b2

  • SSDEEP

    24576:xZsTaIewP8XC4kOa3IIojySz+sMg/gKKM:7sTVPW3a4IXm+sMg/aM

  Score

  10^/10

  hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistencerattrojan

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook

  • Makes use of the framework's Accessibility service

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access

  • Queries information about running processes on the device

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery

  • Queries the phone number (MSISDN for GSM devices)

    discovery

  • Acquires the wake lock

  • Makes use of the framework's foreground persistence service

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

  • Performs UI accessibility actions on behalf of the user

    Application may abuse the accessibility service to prevent their removal.

    evasion

  • Queries information about the current Wi-Fi connection

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery

  • Queries the mobile country code (MCC)

    discovery

  • Reads information about phone network operator.

    discovery

  • Requests enabling of the accessibility settings.

  behavioral1behavioral2behavioral3