General
-
Target
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861.bin
-
Size
2.8MB
-
Sample
240712-1xwd5svale
-
MD5
e038f8289f8ca7e5e8093c306be9ac66
-
SHA1
1a71ebe79518bf5f00a9046c9b42d151882ffc26
-
SHA256
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861
-
SHA512
5aa15f7751920766cd4088bd6eabe2c672243c13a4dc780c2d6954caf726aa0745efed74d28e46b086e4aa29c732d841d316dcc58cdc236719781fcface0f80d
-
SSDEEP
49152:zMW4v6i2FNiGKjmOqFFBVjShvoVs6mn5LYH7qxj9cH7BcrSkCuFnKhpNOJCtO:QW4iNNpvHuQ+Z5LCqxj9cbOrSvuF5JCY
Static task
static1
Behavioral task
behavioral1
Sample
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hook
http://45.77.146.136:3434
Targets
-
-
Target
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861.bin
-
Size
2.8MB
-
MD5
e038f8289f8ca7e5e8093c306be9ac66
-
SHA1
1a71ebe79518bf5f00a9046c9b42d151882ffc26
-
SHA256
5d3334f9fc8513bfb55b095e6463960285abd45876e76f562fcff94fbf6b6861
-
SHA512
5aa15f7751920766cd4088bd6eabe2c672243c13a4dc780c2d6954caf726aa0745efed74d28e46b086e4aa29c732d841d316dcc58cdc236719781fcface0f80d
-
SSDEEP
49152:zMW4v6i2FNiGKjmOqFFBVjShvoVs6mn5LYH7qxj9cH7BcrSkCuFnKhpNOJCtO:QW4iNNpvHuQ+Z5LCqxj9cbOrSvuF5JCY
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-