General
-
Target
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200.bin
-
Size
1.1MB
-
Sample
240601-271bhsah72
-
MD5
681d8dc873df588407c3b1d8a9882455
-
SHA1
413e3ed5c68886bffab9bca18ace8b544776fbbc
-
SHA256
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200
-
SHA512
f8e60b33e49296aa6eb9b006ba2616367498ec053c39a219a8734b2863f9bc1c4153b456ffa8bf6f731822d32ffa1ae2e5f335bb2ffc02a005fdcdd4cb04d258
-
SSDEEP
24576:paBjhuzkXgqzNJVwf0nIG/+zQPaqrfXoxykbg/3cP9:pyjhuzkwWNJLIGGcFZkbg/I9
Behavioral task
behavioral1
Sample
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200.apk
Resource
android-x86-arm-20240514-en
Behavioral task
behavioral2
Sample
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200.apk
Resource
android-x64-20240514-en
Behavioral task
behavioral3
Sample
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200.apk
Resource
android-x64-arm64-20240514-en
Malware Config
Extracted
hook
http://89.116.27.45:3434
Targets
-
-
Target
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200.bin
-
Size
1.1MB
-
MD5
681d8dc873df588407c3b1d8a9882455
-
SHA1
413e3ed5c68886bffab9bca18ace8b544776fbbc
-
SHA256
816cfa04a65c253039007b879c5b92f53493dc515712f3045df091c70b694200
-
SHA512
f8e60b33e49296aa6eb9b006ba2616367498ec053c39a219a8734b2863f9bc1c4153b456ffa8bf6f731822d32ffa1ae2e5f335bb2ffc02a005fdcdd4cb04d258
-
SSDEEP
24576:paBjhuzkXgqzNJVwf0nIG/+zQPaqrfXoxykbg/3cP9:pyjhuzkwWNJLIGGcFZkbg/I9
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Queries the phone number (MSISDN for GSM devices)
-
Registers a broadcast receiver at runtime (usually for listening for system events)
-
Acquires the wake lock
-
Reads information about phone network operator.
-
Schedules tasks to execute at a specified time
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
-