General
-
Target
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894.bin
-
Size
4.2MB
-
Sample
240805-1x9a1azdpj
-
MD5
ae00a6bbb9a0f33e1fa641a6a64527a8
-
SHA1
4cf897ff1f51a7e2efa4725dde128329ed548a74
-
SHA256
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894
-
SHA512
f107f25a55ff0a25a0b40d3a5a2ea321d0ff865a7853721a40383335408ae7ef9fd3d9b2b4256276a8a1ab7d7973ec6785b4eaca62cb1016b0e4b7fd011c2d69
-
SSDEEP
98304:FlgysHdGqrVeqFAUja79RCoQl+DT26mkOLHn+HGA6t5Q:psHvfhseow+DJmkSHAG8
Static task
static1
Behavioral task
behavioral1
Sample
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hook
http://qoli9va.xyz ; http://s0kvaye.xyz ; http://mal5ino3.xyz ; http://be3be11.xyz ; http://jeck6b.pro ; http://yayammib22.xyz
http://qoli9va.xyz
http://s0kvaye.xyz
Targets
-
-
Target
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894.bin
-
Size
4.2MB
-
MD5
ae00a6bbb9a0f33e1fa641a6a64527a8
-
SHA1
4cf897ff1f51a7e2efa4725dde128329ed548a74
-
SHA256
5ca8952a6034c37c8ff983f55eb736cae50ca7194cf285cd4af93021cb9a7894
-
SHA512
f107f25a55ff0a25a0b40d3a5a2ea321d0ff865a7853721a40383335408ae7ef9fd3d9b2b4256276a8a1ab7d7973ec6785b4eaca62cb1016b0e4b7fd011c2d69
-
SSDEEP
98304:FlgysHdGqrVeqFAUja79RCoQl+DT26mkOLHn+HGA6t5Q:psHvfhseow+DJmkSHAG8
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests accessing notifications (often used to intercept notifications before users become aware).
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-