Analysis
-
max time kernel
149s -
max time network
151s -
platform
android-11_x64 -
resource
android-x64-arm64-20240910-en -
resource tags
-
submitted
13/04/2025, 22:00
General
-
Target
ba77429169f0dd19d90b7cd55524569dc6823ea708e26ecac9c2f3ea9e059ab2.apk
-
Size
3.7MB
-
MD5
9479dd378d9fdaf5968bf0c1b25bfa89
-
SHA1
503e752805e5d924bab849e57fafc0df2958ed57
-
SHA256
ba77429169f0dd19d90b7cd55524569dc6823ea708e26ecac9c2f3ea9e059ab2
-
SHA512
a84afa74265cf2ca550a869405bff4bfa434fb735f1e1ea2d66ef9bae412261e8022ab4d0502b11f767c3c92b15132448c203d5e87fc71390137f6ead673f44d
-
SSDEEP
98304:vIpQbV2OxM597muPOB+eC11UsaJHqVMKKRW:vaGLa9LPdTfaVquKKQ
Malware Config
Extracted
hook
https://net.syshimyjoki.shop
Signatures
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Hook family
-
Makes use of the framework's Accessibility service 4 TTPs 3 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
-
Reads information about phone network operator. 1 TTPs
-
Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
-
Checks CPU information 2 TTPs 1 IoCs
-
Checks memory information 2 TTPs 1 IoCs
Processes
-
com.tencent.mm1⤵
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Queries information about the current Wi-Fi connection
- Queries the mobile country code (MCC)
- Uses Crypto APIs (Might try to encrypt user data)
- Checks CPU information
- Checks memory information
Network
MITRE ATT&CK Mobile v16
Defense Evasion
Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Discovery
System Information Discovery
2System Network Configuration Discovery
3System Network Connections Discovery
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD57e858c4054eb00fcddc653a04e5cd1c6
SHA12e056bf31a8d78df136f02a62afeeca77f4faccf
SHA2569010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb
-
Filesize
512B
MD5e7a2407f5433d0d258498cf3de9aa85a
SHA17cba7d221f1981b01c0df8966b5a818e32a08094
SHA25646ade63c55e6236d3177beaab7b05c7770517d30aecc4dd898dced012245efba
SHA51246a89864cbe98039b6977fae49af18ef7b5d4139c29ada005b2742d60d584500700afe852de97a9dc220bde277f6a74107580539bdaf3854ae2b628625c0815c
-
Filesize
32KB
MD5bb7df04e1b0a2570657527a7e108ae23
SHA15188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012
-
Filesize
16KB
MD5aac7b851c0b45ba513d4026ef77d828b
SHA147c16309a07bbbf6dbe0ddb9d239aa52699df049
SHA25605c84342325e04d7af3ce2997f1db57c22562fb75650e5bd5e46975c2215b601
SHA5123766c3b70d08447f05d5059010ad22d3e0de65c75a9ddf49283ec28f3d17559dcb649c94a15004189ef799f9ba201f8faa96d8d64826ee1ec47c214953876058
-
Filesize
108KB
MD513647fd1e78c961130975d1ff9b1666c
SHA1e0cfb78068fd6a2bc658abbabb54d7caead4b5e7
SHA25628ffa21262c760fea9c6151db5add21bb4fdfae4fae65e40ea423f340ebda42e
SHA5125fca9bbd01c5beeccc52908b6a4384853eb57fc2fe1928b9eee87edf2446f8bb38b78f0d357feda9cd17a2759322dc5768cb0c1f29eb3cf7fa926035a52627af