General
Target: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.bin
Size: 2.1MB
Sample: 241209-15eflatkcz
MD5: bc73d5f2c6d90fb878e1c139863ca331
SHA1: 608e41d7312a4c1f94c0fc37bea03465c081f4ca
SHA256: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826
SHA512: df1ffe59bf8e56229934ae242a7d4b001be691cb0862e3b0ba39768eacf2643621f83292fc3e8670a1545f118a850e1c8d1319c553bf9853d198a72093292eb1
SSDEEP: 49152:8W5qSrW5J1IorOVM5rl+n3BCKPNSxA7B0OI1o:3f8IgMMWnxCKl+Y
Static task
static1

Behavioral task
behavioral1
Sample: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.apk
Resource: android-x86-arm-20240910-en

Behavioral task
behavioral2
Sample: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.apk
Resource: android-x64-20240910-en

Behavioral task
behavioral3
Sample: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.apk
Resource: android-x64-arm64-20240624-en

Behavioral task
behavioral4
Sample: 7577.apk
Resource: android-x86-arm-20240910-en
Malware Config
Extracted
Family: hook
C2: http://uninstallerplg.cloud:3434
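The extracted C2 endpoint above is the one indicator on this page a defender can hunt for straight away. The following Python is an added example, not part of this report or of the Hook family's own code: it splits the config URL into the host to look for in DNS and the port to look for in flows, then runs both over constructed, Zeek-style dns.log and conn.log lines (the hosts, IPs and timestamps in the sample lines are made up for the example). Resolutions and connections are matched separately and then correlated, because the host may resolve to different addresses over time and a port-only match on 3434 would be far too noisy on its own.

```python
"""Hunt for the Hook C2 indicator from the extracted config in DNS and connection logs."""
from urllib.parse import urlsplit

# Indicator taken from the report's extracted Hook config.
C2_URL = "http://uninstallerplg.cloud:3434"


def c2_indicator(url=C2_URL):
    """Split the config URL into the host to look for in DNS and the port to look for in flows."""
    u = urlsplit(url)
    return {"host": u.hostname.lower(), "port": u.port}


# Constructed sample log lines (not from the report). Zeek-style, tab-separated:
# dns.log  -> ts, orig_h, query, qtype_name, answer
# conn.log -> ts, orig_h, resp_h, resp_p, proto
SAMPLE_DNS = [
    "1733800000.1\t10.0.0.5\tuninstallerplg.cloud\tA\t203.0.113.7",
    "1733800001.2\t10.0.0.6\tupdates.example.org\tA\t198.51.100.9",
    "1733800004.0\t10.0.0.8\tUNINSTALLERPLG.CLOUD.\tA\t203.0.113.8",
]
SAMPLE_CONN = [
    "1733800002.3\t10.0.0.5\t203.0.113.7\t3434\ttcp",
    "1733800003.4\t10.0.0.7\t198.51.100.9\t443\ttcp",
    "1733800005.1\t10.0.0.8\t203.0.113.8\t3434\ttcp",
    "1733800006.2\t10.0.0.9\t203.0.113.7\t80\ttcp",
]


def match_dns(lines, indicator):
    """Return resolutions of the C2 host (case-insensitive, trailing dot tolerated)."""
    hits = []
    for line in lines:
        ts, src, query, _qtype, answer = line.rstrip("\n").split("\t")
        if query.lower().rstrip(".") == indicator["host"]:
            hits.append({"ts": ts, "src": src, "resolved": answer})
    return hits


def match_conn(lines, indicator, resolved_ips):
    """Return TCP flows to any IP the C2 host resolved to, on the configured port."""
    hits = []
    for line in lines:
        ts, src, dst, dport, proto = line.rstrip("\n").split("\t")
        if dst in resolved_ips and int(dport) == indicator["port"] and proto == "tcp":
            hits.append({"ts": ts, "src": src, "dst": dst})
    return hits


def hunt(dns_lines, conn_lines, url=C2_URL):
    """Correlate DNS resolutions of the C2 host with follow-on connections on its port."""
    ind = c2_indicator(url)
    dns_hits = match_dns(dns_lines, ind)
    ips = {h["resolved"] for h in dns_hits}
    return {"dns": dns_hits, "conn": match_conn(conn_lines, ind, ips)}


if __name__ == "__main__":
    result = hunt(SAMPLE_DNS, SAMPLE_CONN)
    for h in result["dns"]:
        print("DNS  %s %s -> %s" % (h["ts"], h["src"], h["resolved"]))
    for h in result["conn"]:
        print("CONN %s %s -> %s:%d" % (h["ts"], h["src"], h["dst"], c2_indicator()["port"]))
```

On the constructed input this reports two resolutions (10.0.0.5 and 10.0.0.8) and the two flows that followed them on port 3434; the flow from 10.0.0.9 to the same address on port 80 is ignored. On real logs, run the DNS match over a window that starts before the earliest connection of interest, since the resolution and the beacon can land in different log rotations.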
Targets

Target: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826.bin
Size: 2.1MB
MD5: bc73d5f2c6d90fb878e1c139863ca331
SHA1: 608e41d7312a4c1f94c0fc37bea03465c081f4ca
SHA256: df7c0d32700a5a419de885a2c7a044cbb40d4768b6d8dc5a00f00bcdb7148826
SHA512: df1ffe59bf8e56229934ae242a7d4b001be691cb0862e3b0ba39768eacf2643621f83292fc3e8670a1545f118a850e1c8d1319c553bf9853d198a72093292eb1
SSDEEP: 49152:8W5qSrW5J1IorOVM5rl+n3BCKPNSxA7B0OI1o:3f8IgMMWnxCKl+Y
Score: 4/10

Target: 7577.apk
Size: 1.9MB
MD5: b0317dd17d7c7bcea9acdeb8abcafcec
SHA1: 46d12eeec0533b9392a18e6d4457c3d9e6912fd3
SHA256: 66145c6b08f24572a5008caf842ec07c31f9d3db35b019df18438b693222e171
SHA512: 52378e10d7bd105318756cc5beaa63cb3d7442bbefc33d1687b4bd37bc0a04c92783bd70999dc279e792a2e6b1a3495f404539b8fceb6f6dd147e36697ab26ac
SSDEEP: 49152:YgpXArA+r93HfdGDCqtTH7oTHoVq5ztl1pZSE51:TArA+r9XfdGDCqtTH7ojgqh1jSE51
- Hook
  Hook is Android malware based on Ermac, with RAT capabilities.
- Hook family
- Makes use of the framework's Accessibility service
  Retrieves information displayed on the phone screen using AccessibilityService.
- Queries the phone number (MSISDN for GSM devices)
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  The application may abuse the framework's foreground service to keep running in the foreground.
- Queries information about the current Wi-Fi connection
  The application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
- Queries the mobile country code (MCC)
- Reads information about the phone's network operator
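The signatures above come from the sandbox run. When the dropper or a repacked variant is in hand, the same behaviours can be cross-checked statically against the manifest. The following Python is an added example, not code from this report or from the Hook family: it parses a decoded AndroidManifest.xml and maps each listed signature to the manifest evidence that would have to be present for it, using an assumed permission mapping (a triage heuristic of the editor's, not from the report). The manifest itself is constructed for the example, as it would look after decoding the binary AXML with apktool or androguard. The example deliberately reports that the MCC and network-operator signatures cannot be decided from a manifest, because the TelephonyManager calls behind them need no permission; that is the caveat a practitioner needs before treating a permission-poor manifest as benign.

```python
"""Static cross-check of an APK manifest against the behaviours the report lists."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (not from the analysed APK), as it would look after
# decoding the binary AXML with apktool or androguard.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.hypothetical">
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Uninstaller">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".Boot">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

# Assumed mapping (a triage heuristic, not from the report): the permission(s) the
# framework API behind each listed signature requires. Any one of the set suffices.
SIGNATURE_PERMISSIONS = {
    "Queries the phone number (MSISDN for GSM devices)":
        {"android.permission.READ_PHONE_STATE", "android.permission.READ_PHONE_NUMBERS"},
    "Acquires the wake lock": {"android.permission.WAKE_LOCK"},
    "Makes use of the framework's foreground persistence service":
        {"android.permission.FOREGROUND_SERVICE"},
    "Queries information about the current Wi-Fi connection":
        {"android.permission.ACCESS_WIFI_STATE"},
}
# These signatures cover TelephonyManager calls that need no permission, so a clean
# manifest says nothing about them; only bytecode or dynamic analysis can confirm them.
NO_PERMISSION_SIGNATURES = (
    "Queries the mobile country code (MCC)",
    "Reads information about the phone's network operator",
)


def parse_manifest(xml_text):
    """Extract declared permissions, accessibility-bound services and receiver actions."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID + "name") for e in root.iter("uses-permission")}
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == BIND_A11Y]
    actions = {a.get(ANDROID + "name") for r in root.iter("receiver") for a in r.iter("action")}
    return {"permissions": perms, "accessibility_services": a11y, "receiver_actions": actions}


def triage(xml_text):
    """Map each report signature to manifest evidence, or state that the manifest cannot tell."""
    m = parse_manifest(xml_text)
    findings = {}
    if m["accessibility_services"]:
        findings["Makes use of the framework's Accessibility service"] = (
            "service bound with BIND_ACCESSIBILITY_SERVICE: " + ", ".join(m["accessibility_services"]))
    for sig, needed in SIGNATURE_PERMISSIONS.items():
        hit = sorted(needed & m["permissions"])
        if hit:
            findings[sig] = "declares " + ", ".join(hit)
    for sig in NO_PERMISSION_SIGNATURES:
        findings[sig] = "not determinable from the manifest; confirm in bytecode or sandbox"
    # Boot receiver: the manifest-level evidence for ATT&CK Mobile "Broadcast Receivers".
    if "android.intent.action.BOOT_COMPLETED" in m["receiver_actions"]:
        findings["Broadcast Receivers (ATT&CK Persistence)"] = "receiver for BOOT_COMPLETED"
    return findings


def manifest_evidence_count(xml_text):
    """Number of signatures the manifest alone supports (undeterminable ones excluded)."""
    return sum(1 for v in triage(xml_text).values() if not v.startswith("not determinable"))


if __name__ == "__main__":
    for sig, evidence in triage(SAMPLE_MANIFEST).items():
        print("%-60s %s" % (sig, evidence))
```

Manifest evidence is necessary, not sufficient: a legitimate accessibility app declares the same service binding, so the accessibility hit only raises priority for reviewing what the service does with the screen content. Conversely, an app can ship without READ_PHONE_STATE and still fingerprint the device through the permission-free operator and MCC calls, which is why those two signatures are reported as undecidable rather than absent.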

MITRE ATT&CK Mobile v15 (counts are matched signatures per technique)
Persistence
  Event Triggered Execution: 1
    Broadcast Receivers: 1
  Foreground Persistence: 1
  Scheduled Task/Job: 1
Defense Evasion
  Foreground Persistence: 1
  Input Injection: 1
  Virtualization/Sandbox Evasion: 2
    System Checks: 2
Discovery
  System Information Discovery: 2
  System Network Configuration Discovery: 3
  System Network Connections Discovery: 1