General
-
Target
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip
-
Size
1.1MB
-
Sample
240519-bkd7naaf24
-
MD5
4845a6d28d60044a50d6bd32cf015fdc
-
SHA1
c0dd4408017dc1b661abafb27171c23d5f9a2ffa
-
SHA256
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e
-
SHA512
44165efd87985d42fdf14fc8c81df04605dc4228159b5e68cd040e59c3180eaf18fd6da11ef3830f1523d351d9594ba0b6d9282ebcde81b6ab84ae81a3b4b9b7
-
SSDEEP
24576:fGN2Z2u9tt/EvTVNIM49BJEs1vV/ojyx3g/lnXa:eN0h3tMvTl4PuK/Xx3g/Ra
Behavioral task
behavioral1
Sample
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
hook
http://89.116.27.45:3434
Targets
-
-
Target
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e.zip
-
Size
1.1MB
-
MD5
4845a6d28d60044a50d6bd32cf015fdc
-
SHA1
c0dd4408017dc1b661abafb27171c23d5f9a2ffa
-
SHA256
326bae40845ecc9f7b6b5ae516906efef331960ecb76433debfac1690c29699e
-
SHA512
44165efd87985d42fdf14fc8c81df04605dc4228159b5e68cd040e59c3180eaf18fd6da11ef3830f1523d351d9594ba0b6d9282ebcde81b6ab84ae81a3b4b9b7
-
SSDEEP
24576:fGN2Z2u9tt/EvTVNIM49BJEs1vV/ojyx3g/lnXa:eN0h3tMvTl4PuK/Xx3g/Ra
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-