General
Target: 66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171.bin
Size: 1.9MB
Sample: 241209-15dt3atkcy
MD5: b0317dd17d7c7bcea9acdeb8abcafcec
SHA1: 46d12eeec0533b9392a18e6d4457c3d9e6912fd3
SHA256: 66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171
SHA512: 52378e10d7bd105318756cc5beaa63cb3d7442bbefc33d1687b4bd37bc0a04c92783bd70999dc279e792a2e6b1a3495f404539b8fceb6f6dd147e36697ab26ac
SSDEEP: 49152:YgpXArA+r93HfdGDCqtTH7oTHoVq5ztl1pZSE51:TArA+r9XfdGDCqtTH7ojgqh1jSE51

Static task: static1
Behavioral task: behavioral1
Sample: 66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171.apk
Resource: android-x86-arm-20240624-en
Malware Config
Extracted
Family: hook
C2: http://uninstallerplg.cloud:3434
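To make the extracted configuration usable for hunting, the following added Python example (not part of the sandbox report and not Hook's own code) splits the C2 URL above into host and port, produces a defanged form for sharing, and runs a simple match over constructed proxy-log lines. The log field layout (timestamp, client IP, destination host, port, bytes) is an assumption.

```python
"""Turn the extracted Hook C2 into hunting artefacts and check log lines
against them.

Added example for this report; not sandbox code and not Hook's own code.
The proxy log lines are constructed, and their layout
(timestamp client_ip dest_host dest_port bytes) is an assumption.
"""
from urllib.parse import urlsplit

# The C2 extracted in this report's "Malware Config" section.
HOOK_CONFIG = {"hook": "http://uninstallerplg.cloud:3434"}

# Constructed proxy log: one line per connection, whitespace-separated.
SAMPLE_LOG = [
    "2024-12-09T15:01:02Z 10.0.0.12 uninstallerplg.cloud 3434 1532",
    "2024-12-09T15:01:05Z 10.0.0.12 www.example.com 443 8712",
    "2024-12-09T15:02:11Z 10.0.0.27 203.0.113.9 3434 240",
]


def defang(url: str) -> str:
    """Make a URL safe to paste into tickets and chat (hxxp, [.])."""
    return url.replace("http", "hxxp").replace(".", "[.]")


def c2_indicators(config: dict) -> dict:
    """Split each extracted C2 URL into the pieces a hunt keys on."""
    out = {}
    for family, url in config.items():
        parts = urlsplit(url)
        # An explicit port wins; otherwise fall back to the scheme default.
        port = parts.port or (443 if parts.scheme == "https" else 80)
        out[family] = {
            "scheme": parts.scheme,
            "host": parts.hostname,
            "port": port,
            "defanged": defang(url),
        }
    return out


def scan_proxy_log(lines, indicators) -> list:
    """Return (timestamp, client, dest, port, verdict) for suspicious lines.

    A destination host equal to a known C2 host is a 'c2-host' hit.
    Traffic to the same non-standard port but a different host is only
    'port-only': 3434 alone is a weak signal, so it is surfaced for review
    rather than treated as a confirmed match.
    """
    hosts = {ind["host"] for ind in indicators.values()}
    ports = {ind["port"] for ind in indicators.values()} - {80, 443}
    hits = []
    for line in lines:
        ts, client, dest, port, _size = line.split()
        port = int(port)
        if dest in hosts:
            hits.append((ts, client, dest, port, "c2-host"))
        elif port in ports:
            hits.append((ts, client, dest, port, "port-only"))
    return hits


if __name__ == "__main__":
    iocs = c2_indicators(HOOK_CONFIG)
    print("IOC:", iocs["hook"]["defanged"])
    for hit in scan_proxy_log(SAMPLE_LOG, iocs):
        print(*hit)
```

Match on the host, not the port: the port is part of the extracted config and worth recording, but on its own it will collide with unrelated traffic, which is why the scanner reports it separately.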
Targets

Target: 66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171.bin
Hook
Hook is an Android malware family based on Ermac, extended with RAT (remote access) capabilities.

Hook family

- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries the phone number (MSISDN for GSM devices)
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  The application may abuse the framework's foreground service to keep running in the foreground.
- Queries information about the current Wi-Fi connection
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the mobile country code (MCC)
- Reads information about the phone's network operator

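Several of the signatures above can be cross-checked statically before detonation. The following added Python example (not the sandbox's detection logic and not Hook's code) parses a decoded AndroidManifest.xml, reports whether an accessibility service is declared, and maps the requested permissions back to the behaviours listed above. The manifests are constructed for illustration and their package and class names are made up. A real APK stores the manifest as binary XML, so decode it first (for example with apktool or androguard) before feeding it in.

```python
"""Static triage of a decoded AndroidManifest.xml against the behaviours
this report attributes to Hook.

Added example; not the sandbox's signature logic and not Hook's code.
The manifests below are constructed; package and class names are made up.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Report signature -> permissions that gate the behaviour. MCC and network
# operator lookups (TelephonyManager.getNetworkOperator and friends) need no
# permission, so the manifest cannot confirm those two; they only show up in
# the bytecode or at run time.
SIGNATURE_PERMISSIONS = {
    "queries phone number (MSISDN)": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS",
    },
    "acquires wake lock": {"android.permission.WAKE_LOCK"},
    "foreground persistence": {"android.permission.FOREGROUND_SERVICE"},
    "queries Wi-Fi connection": {"android.permission.ACCESS_WIFI_STATE"},
}

SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.uninstaller">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <application>
    <service android:name=".ScreenService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".KeepAliveService"
             android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

# A constructed control: no sensitive permissions, no accessibility service.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>
"""


def parse_manifest(xml_text: str):
    """Return (requested permissions, names of declared accessibility services).

    A service only reaches the accessibility framework if it is protected by
    BIND_ACCESSIBILITY_SERVICE *and* filters the AccessibilityService action,
    so both are required before it is counted.
    """
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    a11y_services = []
    for svc in root.iter("service"):
        if svc.get(ANDROID_NS + "permission") != BIND_ACCESSIBILITY:
            continue
        actions = {a.get(ANDROID_NS + "name") for a in svc.iter("action")}
        if ACCESSIBILITY_ACTION in actions:
            a11y_services.append(svc.get(ANDROID_NS + "name"))
    return perms, a11y_services


def triage(xml_text: str) -> dict:
    """Map manifest facts onto the report's signature names (True = possible)."""
    perms, a11y_services = parse_manifest(xml_text)
    findings = {"accessibility service": bool(a11y_services)}
    for signature, gating_perms in SIGNATURE_PERMISSIONS.items():
        findings[signature] = bool(perms & gating_perms)
    return findings


if __name__ == "__main__":
    for name, hit in triage(SAMPLE_MANIFEST).items():
        print(f"{'HIT ' if hit else '    '} {name}")
```

A declared permission only says the behaviour is possible, not that it happens; the sandbox signatures above are the runtime confirmation. The converse is more useful for triage: an app without READ_PHONE_STATE or READ_PHONE_NUMBERS cannot read the MSISDN at all, and an app with no BIND_ACCESSIBILITY_SERVICE-protected service cannot scrape the screen.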
MITRE ATT&CK Mobile v15 (number of matching signatures in parentheses)

Persistence
  Event Triggered Execution: Broadcast Receivers (1)
  Foreground Persistence (1)
  Scheduled Task/Job (1)
Defense Evasion
  Foreground Persistence (1)
  Input Injection (1)
  Virtualization/Sandbox Evasion: System Checks (2)
Discovery
  System Information Discovery (2)
  System Network Configuration Discovery (3)
  System Network Connections Discovery (1)