Overview

overview

10

Static

static

10

4f2c636d1d...46.apk

android-9-x86

10

4f2c636d1d...46.apk

android-10-x64

10

4f2c636d1d...46.apk

android-11-x64

10

Analysis

  • max time kernel
    44s
  • max time network
    189s
  • platform
    android_x64
  • resource
    android-x64-20240624-en
  • resource tags

    androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
  • submitted
    25-06-2024 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4f2c636d1d0adb6f1a718f76e113efe909a3a289dd67fa692705d28b82881446.apk

  • Size

    1.1MB

  • MD5

    f212518786a7306c309982506f42aa20

  • SHA1

    3e7f35d81476dc8ef5277207c00aca31712586c3

  • SHA256

    4f2c636d1d0adb6f1a718f76e113efe909a3a289dd67fa692705d28b82881446

  • SHA512

    bd06b471c4ad1067a0c57387dff651b63dfc0bd3063dc5c7e790828a0eebdb39fa9c0729d91fb885883cb717714af85cff7929046940ddade61abe7aaa55dc23

  • SSDEEP

    24576:PO7Hvz9zywcLJLXNRmdizstXcu4FtluoGyDJg/TFIIo:PKHhzbcLtXN4AzsCFxuGDJg/eIo

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

    collectioncredential_accessimpact
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
    discovery
  • Reads information about phone network operator. 1 TTPs
    discovery
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
    persistence
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs

Processes

  • com.mipaxogajeperi.wutixifo
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time
    • Checks CPU information
    • Checks memory information
    PID:4946

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    f2b4b0190b9f384ca885f0c8c9b14700

    SHA1

    934ff2646757b5b6e7f20f6a0aa76c7f995d9361

    SHA256

    0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

    SHA512

    ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

    Download Submit
  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    df169791e805fd34298105ef6b7d0bb4

    SHA1

    ef68082803fb7523273b33b7d88932251306c717

    SHA256

    adeae454d89edb8f272a0c42ecb926259f3ea0136ec08155488d2810dbf06b94

    SHA512

    51c93f13cc127c9cae0303c40672ccc1bc964cc573f7390ee7439658c7d291743c297f43b5fbd4e71ac29d335c1b1e2784d13aea1b1e0a822b87d6a584469383

    Download Submit
  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit
  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    82104deb6aa1948401d66a5d68a64646

    SHA1

    c00c0f1bcb2b22d32a1e4d0bb8d1849ad05de322

    SHA256

    1f8d71886662ec1f13d0ec0c7de540f6fee9ed0df1d0917b64b1f13f8eb3738a

    SHA512

    29e24f6a711e1e9b8dd8221bde489044efad88b5d6362bc50fa110205723c6da7d2784f5be5e037d40f089bb4e4a2bb99a60355538a33f983b0e8e017e245f0c

    Download Submit
  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    7f67ba9e66478775968a6011131e34da

    SHA1

    ba94f838148c1dfd7cc7503e7d3c0fe2db91143c

    SHA256

    b616a073f363eaa0e0c04c24ff43b4c0b9259a913a86ddf1eb57e89f23070f85

    SHA512

    9df86df73bcb9d610102bf0a678533c1b2ad74606e4e994b61198c1c83c59342a8b49d02235394a4630e831c7b7ff4059232b4da768b5b7c0b73f76b901b66e8

    Download Submit
  • /data/data/com.mipaxogajeperi.wutixifo/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    41d2ac38c31bb42579e2cd34ebfa5bc1

    SHA1

    7b73775fcef7fcf9bdb67b48d69d3bfc6c1ab415

    SHA256

    cbd0f85a9c047bf6c143de600f0b9aacf857774a62bac081b38b517fe7488aae

    SHA512

    111b7a224a938de422535c9da3f9854ae57978df248d6d60ed48e3ead51b6fd2f241f3c8f3d21950caa9c19230172b76d9e1eb60ac4cbb51279984e0dc0020ef

    Download Submit