General

  • Target

    df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.bin

  • Size

    2.1MB

  • Sample

    241209-15eflatkcz

  • MD5

    bc73d5f2c6d90fb878e1c139863ca331

  • SHA1

    608e41d7312a4c1f94c0fc37bea03465c081f4ca

  • SHA256

    df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826

  • SHA512

    df1ffe59bf8e56229934ae242a7d4b001be691cb0862e3b0ba39768eacf2643621f83292fc3e8670a1545f118a850e1c8d1319c553bf9853d198a72093292eb1

  • SSDEEP

    49152:8W5qSrW5J1IorOVM5rl+n3BCKPNSxA7B0OI1o:3f8IgMMWnxCKl+Y

Malware Config

Extracted

Family

hook

C2

http://uninstallerplg.cloud:3434

AES_key

Targets

    • Target

      df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.bin

    • Size

      2.1MB

    • MD5

      bc73d5f2c6d90fb878e1c139863ca331

    • SHA1

      608e41d7312a4c1f94c0fc37bea03465c081f4ca

    • SHA256

      df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826

    • SHA512

      df1ffe59bf8e56229934ae242a7d4b001be691cb0862e3b0ba39768eacf2643621f83292fc3e8670a1545f118a850e1c8d1319c553bf9853d198a72093292eb1

    • SSDEEP

      49152:8W5qSrW5J1IorOVM5rl+n3BCKPNSxA7B0OI1o:3f8IgMMWnxCKl+Y

    Score
    4/10
    • Target

      7577.apk

    • Size

      1.9MB

    • MD5

      b0317dd17d7c7bcea9acdeb8abcafcec

    • SHA1

      46d12eeec0533b9392a18e6d4457c3d9e6912fd3

    • SHA256

      66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171

    • SHA512

      52378e10d7bd105318756cc5beaa63cb3d7442bbefc33d1687b4bd37bc0a04c92783bd70999dc279e792a2e6b1a3495f404539b8fceb6f6dd147e36697ab26ac

    • SSDEEP

      49152:YgpXArA+r93HfdGDCqtTH7oTHoVq5ztl1pZSE51:TArA+r9XfdGDCqtTH7ojgqh1jSE51

    • Hook

      Hook is an Android malware that is based on Ermac with RAT capabilities.

    • Hook family

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries the phone number (MSISDN for GSM devices)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

    • Queries information about the current Wi-Fi connection

      Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

    • Queries the mobile country code (MCC)

    • Reads information about phone network operator.

MITRE ATT&CK Mobile v15

Tasks