hook | 9a520a99e77f6daef764c3081cc17aca8110b3def6de55be46659de77cab6572

Analysis

max time kernel
179s
max time network
187s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10/08/2024, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a520a99e77f6daef764c3081cc17aca8110b3def6de55be46659de77cab6572.apk
Size

4.3MB
MD5

48a832149a7babc03ac1352c4fbdab6b
SHA1

5a29ea5c787f2422b7e3e1634f6e515d9588afe4
SHA256

9a520a99e77f6daef764c3081cc17aca8110b3def6de55be46659de77cab6572
SHA512

998df6dd0e157164220f0e3154b16c582534c9719485a96c7524d2272d47e2252dc373f5d205f91a10b90e1661eec9ed49b794d855f0ea0d1450484e82dae5f8
SSDEEP

98304:gnlarLN0IXVSwSLOsOi0QOPM9dBRt66M94bkx8oQXr1RThM1:gnUnNzVpSydBPk9dbtO4TXrvK1

Score

10^/10

hook collection credential_access discovery evasion execution impact infostealer persistence rat trojan

Malware Config

Extracted

Family

hook

http://193.3.19.40

DES_key

AES_key

Signatures

Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
rat trojan infostealer hook

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

ioc	pid	Process
/data/user/0/com.utbyhglxp.btfeasgis/app_dex/classes.dex	4978	com.utbyhglxp.btfeasgis
/data/user/0/com.utbyhglxp.btfeasgis/app_dex/classes.dex	4978	com.utbyhglxp.btfeasgis

Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	com.utbyhglxp.btfeasgis
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText	com.utbyhglxp.btfeasgis
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId	com.utbyhglxp.btfeasgis

Queries information about running processes on the device 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about running processes on the device.

discovery

Process Discovery

T1424

description	ioc	Process
Framework service call	android.app.IActivityManager.getRunningAppProcesses	com.utbyhglxp.btfeasgis

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.utbyhglxp.btfeasgis

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.utbyhglxp.btfeasgis

Performs UI accessibility actions on behalf of the user 1 TTPs 5 IoCs

Application may abuse the accessibility service to prevent their removal.

evasion

Prevent Application Removal

T1629.001

ioc	Process
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.utbyhglxp.btfeasgis
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.utbyhglxp.btfeasgis
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.utbyhglxp.btfeasgis
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.utbyhglxp.btfeasgis
android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction	com.utbyhglxp.btfeasgis

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.utbyhglxp.btfeasgis

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.utbyhglxp.btfeasgis

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.utbyhglxp.btfeasgis

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.utbyhglxp.btfeasgis

com.utbyhglxp.btfeasgis
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Queries information about running processes on the device
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Performs UI accessibility actions on behalf of the user
- Queries information about the current Wi-Fi connection
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4978

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Impair Defenses

T1629

Prevent Application Removal

T1629.001

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Process Discovery

T1424

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.utbyhglxp.btfeasgis/app_dex/classes.dex

Filesize
2.9MB

MD5
9fae53e68782bd40579a2a7530d17db3

SHA1
bf871f1e1aebc543fd7833a46bff185dc0062643

SHA256
a129fa37c966ae413141c2a03169ab3f1c30cb417271251680cf9fc5f7c708d4

SHA512
f578c832825b988d10da9d63b65c0dca6580ae1353da19aea07a87773e6fccc67cc3d0d45e3132e95153783f3e50fc6c8955953dd649af73537d0fc2850413fd

Download Submit
/data/data/com.utbyhglxp.btfeasgis/cache/classes.dex

Filesize
1.0MB

MD5
383a05e1363f9c234da7336b1de06b67

SHA1
06e87b668d02d4c54559f726b4204665ec94c00f

SHA256
1ad2ba74abefa627e2aec75366c5961a741fd24246deecc9176918e074c436ba

SHA512
9a329a9fc46a1bb90c33e903084af700235738912670e73b52874a657cec4d722da534805ee7e4ada0a8ec612146ee494b2c51f34702ebfeafd97ad57f9dc061

Download Submit
/data/data/com.utbyhglxp.btfeasgis/cache/classes.zip

Filesize
1.0MB

MD5
b5cf7d39d2312f4e7da1f35882dc3ce8

SHA1
eb050b21ed4669b9bf84c3139c78205f93425945

SHA256
5bd8556ed642909afc7ed9d1a7912b24361d0c1043f2560b9606da9b940b3b46

SHA512
2587b84e43250f17d953a1bdb90951deaa8dcc36e4c6438101889fbac23943a79dfec3f4007460ba231418bc3c2fcc260a8a9f1d40ebe7dc4327d6e4afd285fd

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
22e8d3560faff7c9d341afc6433bdf28

SHA1
8411e6d678e2e66714cd01486936e0494e680be2

SHA256
9f9e50c4d8cec624682a46805203de8b70a5e71753b6f07c56ed229a6a4d9f58

SHA512
f2e2c817f5543742b0291eb7a4c0916b0bea60b2dd7dab7d699d2cc79419058898767bfb6e9450a3c77f61b72ae362c6255308b2ee6f1bfb23b0482290821d6f

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
a275908109bcaf86085047b481902ae7

SHA1
4242976a81f5a14cb3ec73c22aac824e46d5c5ca

SHA256
0b6cc42c3843eb043b1f043ef93f2c86947e637dcf71380a7297276eba489f9f

SHA512
d67057a7e9e6af37522a22e72dd3ddbff9c45c363b884ea701289b60df4964a447e8721151d55e31c81a962197517eeb83cc537f0b54ba4df01858f31b16a8b0

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
9345497c4a4c79e13d3e09d1234c0296

SHA1
28bc40936e4b5b7bd5332c0df3e313d14776d55e

SHA256
d9cbaf2e5722f111b477633d6ba0df29e6d75d199d73fad2a1e144fdf1cb3470

SHA512
72bbd8636c70fa0b7b8398736948ac63ccdfea4f5abec4ee2152a3d2b959d3155bb86c9e67712406774a9d51725fc4700561f89e12bb3cb6a7f9c470bc96ae0d

Download Submit
/data/data/com.utbyhglxp.btfeasgis/no_backup/androidx.work.workdb-wal

Filesize
173KB

MD5
25f73d36e03784559d19dccd7e1d220b

SHA1
7b04d797e760e5cda3cb107f7e810a9608fdb3d7

SHA256
012880014873e4f14612c1686d4fb347937664c9d65bdf1f03c4c3fb7b8062bd

SHA512
e8d3584b05240e2b645f867d632f545d3533c58a252ef2677665aa8a8fe86181f64dd6768fd5fa3c1cec79b1cb1355be1fc21bfbc0af2167582d5fb27493e9d0

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads