General
-
Target
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
-
Size
2.8MB
-
Sample
240524-pq8v4sca9s
-
MD5
899022727c1eed901d9e847a44f017a0
-
SHA1
27231e81607121522405a98dca3c4efe013d6282
-
SHA256
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
-
SHA512
9f3b4b6eb7690c2b688b138d3301f13d320b45832013df366b1743e3b722bd8a42e2746ed4d43e028de0df92f7eca3fce55a970102dbb25431ad67f5ff2796cd
-
SSDEEP
49152:1KYIc3gRcXBxxytSOLAQniVL5TC1/cGypQqgg9TKAzwXhcHh8xngteZQpy/XyNgl:41xRCNnmFadTC10G4QWiXhWiKtyxXYk
Behavioral task
behavioral1
Sample
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
hook
http://185.208.158.109:3434
Targets
-
-
Target
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
-
Size
2.8MB
-
MD5
899022727c1eed901d9e847a44f017a0
-
SHA1
27231e81607121522405a98dca3c4efe013d6282
-
SHA256
923bc65bf07815b0b2723ab6cde35887c61d665baf6618ce4e1dacd6345669ad
-
SHA512
9f3b4b6eb7690c2b688b138d3301f13d320b45832013df366b1743e3b722bd8a42e2746ed4d43e028de0df92f7eca3fce55a970102dbb25431ad67f5ff2796cd
-
SSDEEP
49152:1KYIc3gRcXBxxytSOLAQniVL5TC1/cGypQqgg9TKAzwXhcHh8xngteZQpy/XyNgl:41xRCNnmFadTC10G4QWiXhWiKtyxXYk
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Requests enabling of the accessibility settings.
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-