General

  • Target

    66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171.bin

  • Size

    1.9MB

  • Sample

    241209-15dt3atkcy

  • MD5

    b0317dd17d7c7bcea9acdeb8abcafcec

  • SHA1

    46d12eeec0533b9392a18e6d4457c3d9e6912fd3

  • SHA256

    66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171

  • SHA512

    52378e10d7bd105318756cc5beaa63cb3d7442bbefc33d1687b4bd37bc0a04c92783bd70999dc279e792a2e6b1a3495f404539b8fceb6f6dd147e36697ab26ac

  • SSDEEP

    49152:YgpXArA+r93HfdGDCqtTH7oTHoVq5ztl1pZSE51:TArA+r9XfdGDCqtTH7ojgqh1jSE51

Malware Config

Extracted

Family

hook

C2

http://uninstallerplg.cloud:3434

AES_key

Targets

    • Target

      66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171.bin

    • Size

      1.9MB

    • MD5

      b0317dd17d7c7bcea9acdeb8abcafcec

    • SHA1

      46d12eeec0533b9392a18e6d4457c3d9e6912fd3

    • SHA256

      66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171

    • SHA512

      52378e10d7bd105318756cc5beaa63cb3d7442bbefc33d1687b4bd37bc0a04c92783bd70999dc279e792a2e6b1a3495f404539b8fceb6f6dd147e36697ab26ac

    • SSDEEP

      49152:YgpXArA+r93HfdGDCqtTH7oTHoVq5ztl1pZSE51:TArA+r9XfdGDCqtTH7ojgqh1jSE51

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Hook family

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks