General
-
Target
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.bin
-
Size
1.1MB
-
Sample
240501-1xb1haha8w
-
MD5
ff689eb1fe167ffbcee6633c5b14ba7c
-
SHA1
d2c49bf3c93d707eb2895254b13121ce44ccf99f
-
SHA256
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019
-
SHA512
8e0e08e818f35dd85ec60c343b654eb3fa92ee715a56f3aa4f40b9284bb14c9c16f133328a8066e8adf89df2e8ed0e767e32070b950896c1355d4d7f235301b2
-
SSDEEP
24576:CG46H8f31UBrpbakdGnGsgTZR/I7qfVN7WojyO3sp3g/lnjB:Q6WitaYGnZeZR/I7QNaXosp3g/dB
Behavioral task
behavioral1
Sample
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.apk
Resource
android-x86-arm-20240221-en
Behavioral task
behavioral2
Sample
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.apk
Resource
android-x64-20240221-en
Behavioral task
behavioral3
Sample
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.apk
Resource
android-x64-arm64-20240221-en
Malware Config
Extracted
hook
http://93.127.202.69:3434
Targets
-
-
Target
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019.bin
-
Size
1.1MB
-
MD5
ff689eb1fe167ffbcee6633c5b14ba7c
-
SHA1
d2c49bf3c93d707eb2895254b13121ce44ccf99f
-
SHA256
1b3c98ff4d21d7b106e8efe098a4c2b048be3a1be0d202d6f522907af4239019
-
SHA512
8e0e08e818f35dd85ec60c343b654eb3fa92ee715a56f3aa4f40b9284bb14c9c16f133328a8066e8adf89df2e8ed0e767e32070b950896c1355d4d7f235301b2
-
SSDEEP
24576:CG46H8f31UBrpbakdGnGsgTZR/I7qfVN7WojyO3sp3g/lnjB:Q6WitaYGnZeZR/I7QNaXosp3g/dB
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-