Overview

overview

10

Static

static

10

4149e4a343...97.apk

android-9-x86

10

4149e4a343...97.apk

android-10-x64

10

4149e4a343...97.apk

android-11-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    185s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    02-07-2024 22:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897.apk

  • Size

    3.5MB

  • MD5

    d097ba2ec6c71d7f0118cb3bb11f89bd

  • SHA1

    d3310070f7f5065f218851b5445c7034a382600b

  • SHA256

    4149e4a3434c44a87f55b5643d5bbbd55e093dc592a600be679aae9dd3706897

  • SHA512

    d0a54a35b36b736aa55ddd23d8a53b1a8bfab08b290c8accd527f7c4993439496d72d785b68767c15570ebb5e137485320098d548db14cc54bfd38ad298c39ca

  • SSDEEP

    49152:r+LlX/wLODvIv6CxceAWbN1k55gQVxF5HaH8Ib/iVhT6+cfsiJTDMQGNgEJWzJSu:r+LlvQSqrN1yXF56cnl6+/ihDYPbS6c

Score
10/10
hookcollectioncredential_accessdiscoveryevasionexecutionimpactinfostealerpersistenceratstealthtrojan

Malware Config

Extracted

Family

hook

C2

http://192.168.10.24:3434

AES_key

Signatures

  • Hook

    Hook is an Android malware that is based on Ermac with RAT capabilities.

    rattrojaninfostealerhook
  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

    discovery
  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
    discovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Performs UI accessibility actions on behalf of the user 1 TTPs 1 IoCs

    Application may abuse the accessibility service to prevent their removal.

    evasion
  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence
  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
    impact

Processes

  • com.fogipexosisa.wesoku
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    PID:4508

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

    Download Submit

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    925175e78dabecf1c90e515ba4267f09

    SHA1

    7832e19cc5616181399965caaca88008a88f7f80

    SHA256

    71907e6e6d716e1bc234162a1c1e1a84278c4a50352a42516d777672f3e9e41b

    SHA512

    e461789034d8646450802f02417a24481153c161d80814b861ec54208b6e08bb424c247d64dd1db6364af7b27df0c39ed347b9cf49e90f5e88085787a19ddcfd

    Download Submit

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

    Download Submit

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    ed14f437effae1daf1c7eaf7e6246179

    SHA1

    fe171fdb5c5c240d0b97d565572cac5f3de36dc6

    SHA256

    5dac8df5a88b0bf9c086bf0cf21b60a617bc1fe6040f473c2256522e47708fbd

    SHA512

    9ba1961a2d131535518d67ebb11a2eeba0a717d2ace349ef52cd5f7119adc985bc9460315edaf0d497fa1a50a2a820316c0a839c851498231ac39dfc59456e6e

    Download Submit

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    50a7d3ec39c61d1b7f373cf0a15e8da8

    SHA1

    c79f2b67d1b94d5fee0d69f3be10c428c8e0ae2a

    SHA256

    5494a82ed3ba94bd5d185ddfa74f093407ef3ca37a6dd7864cdc64ba9ca9298a

    SHA512

    1c527e9b922a73ab6967d98e2a1f17dc25ec2c2090ed3844b3b5893c4d364b1ebd94c39863e6528ef4f1249437981308a3e4488649d34fa7af6d056fbebd1690

    Download Submit

  • /data/user/0/com.fogipexosisa.wesoku/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    0460c244ea2d1e5a8267090e186538b2

    SHA1

    0f8ef7cc8bb1decbfd6fc2e87adc620ffc8d0e5e

    SHA256

    7e0ac012b3d24bfad6484f030ecc2fa386582b8ba456a99ebf5c0b90c1187df1

    SHA512

    6d46b957ba86be37c250c8b161c8c24ac839addccca867fbdf451e4a5e143cef92c0234eb2bf210deea0d873669412ace701b8fac12894275566b122b4f4e250

    Download Submit