Analysis

  • max time kernel
    177s
  • max time network
    133s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240611.1-en
  • resource tags

    android, arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240611.1-en, locale:en-us, os:android-11-x64, system
  • submitted
    14-06-2024 22:07

General

  • Target

    9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca.apk

  • Size

    3.9MB

  • MD5

    c4c311915dd408fac880507dfb257742

  • SHA1

    d94dd0f7f95254eb7fc0be983007c136a56c9684

  • SHA256

    9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca

  • SHA512

    25a2723ea4a8e8d0a8dc9a7bce5b099ba97809de286313bd77869b89a42042b2f8ac50f95542afc94ea2d2e9b0ad9e22105b46ed6fc428fa53b140191035fd9d

  • SSDEEP

    98304:sFOWOm3i/0E6/LkCwGG4ZJ8a96F8UJ3SCLaaiNS6:sMPQFTgGG4R90DJ3WNH

Malware Config

Extracted

  • Family

    hook

  • C2

    https://ws.lookonstars.tech

  • AES_key

Signatures

  • Hook

    Hook is an Android banking trojan derived from the Ermac code base, extended with RAT (remote-control) capabilities.

  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs

    Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Queries the mobile country code (MCC) 1 TTPs 1 IoCs
  • Reads information about the phone network operator 1 TTPs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

  • Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
  • Checks CPU information 2 TTPs 1 IoCs
  • Checks memory information 2 TTPs 1 IoCs
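
Most of the signature categories above correspond to capabilities an APK has to declare in its manifest before the framework will grant them, so a static pass over AndroidManifest.xml is the quickest way to confirm or anticipate them before detonation. The following is an added example, not part of the sandbox report and not the sample's code: it parses a manifest and reports which of the report's categories the declared permissions and service bindings make possible. The manifest embedded in it is constructed for the demo (package name, service names and label are made up); to run it against the analysed APK you would first extract the real manifest with a tool such as apktool or androguard, which this example does not do. The category-to-permission mapping is this example's own reading of the Android permission model, not something the sandbox publishes.

```python
"""Static capability triage of an AndroidManifest.xml against the sandbox's
signature categories. Added example, not the report's or the sample's code."""

import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree's spelling of the android: attribute prefix

# Sandbox signature wording -> manifest permissions that enable the behaviour.
# Assumption of this example: mapping derived from the Android permission docs.
PERMISSION_EVIDENCE = {
    "foreground persistence service": {"android.permission.FOREGROUND_SERVICE"},
    "wake lock": {"android.permission.WAKE_LOCK"},
    "current Wi-Fi connection": {"android.permission.ACCESS_WIFI_STATE"},
    "phone number / MCC / network operator": {
        "android.permission.READ_PHONE_STATE",
        "android.permission.READ_PHONE_NUMBERS",
    },
    "running processes": {
        "android.permission.PACKAGE_USAGE_STATS",
        "android.permission.GET_TASKS",
    },
}

# An accessibility service is a <service> protected by this permission that
# registers for this intent action; the framework binds nothing else.
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"


def triage_manifest(manifest_xml: str) -> dict:
    """Return {category: [evidence, ...]} for each sandbox category the manifest
    makes possible. No evidence is not proof of absence: clipboard reads and
    crypto API use need no permission and never show up here."""
    root = ET.fromstring(manifest_xml)
    declared = {p.get(A + "name") for p in root.iter("uses-permission")}

    findings = {}
    for category, perms in PERMISSION_EVIDENCE.items():
        hit = sorted(perms & declared)
        if hit:
            findings[category] = hit

    for svc in root.iter("service"):
        if svc.get(A + "permission") != ACCESSIBILITY_PERM:
            continue
        actions = {act.get(A + "name") for act in svc.iter("action")}
        if ACCESSIBILITY_ACTION in actions:
            findings.setdefault("Accessibility service", []).append(svc.get(A + "name"))
    return findings


# Constructed manifest for the demo; NOT the manifest of the analysed APK.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.constructed">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Constructed">
    <service android:name=".A11y"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"
             android:exported="true">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".Keep" android:foregroundServiceType="dataSync"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    for category, evidence in triage_manifest(SAMPLE_MANIFEST).items():
        print(f"{category}: {', '.join(evidence)}")
```

The accessibility check is deliberately stricter than grepping for the permission string: a service that carries BIND_ACCESSIBILITY_SERVICE but never registers the AccessibilityService action is never bound by the system, so it cannot scrape the screen. The reverse caveat also matters for this sample: the clipboard, process-enumeration-via-procfs and crypto signatures in the report need no manifest entry, so a clean manifest pass does not clear an APK.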

Processes

  • com.tencent.mm (the sample is installed under this package name, which is WeChat's; the behaviours and files attributed to it below are the sample's, not WeChat's)
    • Makes use of the framework's Accessibility service
    • Obtains sensitive information copied to the device clipboard
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about the current Wi-Fi connection
    • Queries the mobile country code (MCC)
    • Schedules tasks to execute at a specified time
    • Uses Crypto APIs (Might try to encrypt user data)
    • Checks CPU information
    • Checks memory information
    PID:4452


Downloads

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb
    Filesize

    4KB

    MD5

    7e858c4054eb00fcddc653a04e5cd1c6

    SHA1

    2e056bf31a8d78df136f02a62afeeca77f4faccf

    SHA256

    9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

    SHA512

    d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-journal
    Filesize

    512B

    MD5

    71657568dc9c245aa9160c7775badc1e

    SHA1

    4c2ae6a57648b7fce1dd517243ac7da3182444ea

    SHA256

    948542c83e6ed3f37d68b33cb22898c93d52d90e86d38a3e38b25bc893f3635f

    SHA512

    90974c0fc44d9f7bf4c3cec6048d4c3ecebf484e6ae690fe8b5e59f328231648e445938a3fe375a457d82da0799d944bf60cebfd7db577ab38b3a604a9749747

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-shm
    Filesize

    32KB

    MD5

    bb7df04e1b0a2570657527a7e108ae23

    SHA1

    5188431849b4613152fd7bdba6a3ff0a4fd6424b

    SHA256

    c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

    SHA512

    768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    16KB

    MD5

    8879e99def506686e601f65a4dfac217

    SHA1

    5f08ec5cc2a4ac85d9445274e843f5c8b1336fbd

    SHA256

    bac34922661e8ad8442d96b9220c312a41ac2193d03ce92acedab5a8d943a370

    SHA512

    5f885f99792d5c7b9246316940b67462e827f55c55b88d577487185b724b7b470706115dea0f33aeab445d2bb47c2956d152d4e0dba107592634e0a1bfe54fb6

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    108KB

    MD5

    bbd8cb4e1ccbdd600888f40ff4045d4e

    SHA1

    571d4e360ca47062f15f7a10cbe44748f47476b3

    SHA256

    95e64360f40972cb0eca85324d0d8b3877cd3cf467a496d02da049294baaa503

    SHA512

    131a7f1d2acff3ef6eb76d1ff1b5d979352f0e149cc059c4813ebe69116d784ab873e53c04331d6998444c97f08cca4977d66fa17774d31b08d7acbe9852466b

  • /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
    Filesize

    173KB

    MD5

    44c81aa81c15fe9b1ff939e30aa68968

    SHA1

    5b97377c52388a0594d95b6b115a3560c6f8c9b7

    SHA256

    6685119492194b07f6a71702a637e86928ce31f1d93871abb9e262082fbb3c6b

    SHA512

    9fdd2a6210701c9b48a84876fa9ff5185d98657a48fac0cbbfaf86e68891962f36aab2876046aea34a1a3674f5790fed7e92655d8009863c9074069189d2a0f5
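
Two caveats a practitioner wants before turning the hashes in this report into indicators. First, androidx.work.workdb is the SQLite database of AndroidX WorkManager (consistent with the "Schedules tasks to execute at a specified time" signature), and the -journal, -shm and -wal files are SQLite's rollback journal, shared-memory index and write-ahead log; the same -wal path appears three times because the sandbox captured it at three sizes as it grew during the run. Those digests describe state produced inside this one sandbox run, so they will not match anything outside it. Second, the Malware Config names one C2 host, ws.lookonstars.tech, not the whole lookonstars.tech zone. The following is an added example, not part of the sandbox report, that matches only the durable indicators (the APK digests from the General section and the C2 host from the Malware Config) against a proxy log and a file-digest inventory; both the log lines and the inventory are constructed for the demo, and the client IPs and the path /sdcard/Download/sample.apk in them are made up.

```python
"""Match the report's durable indicators (APK digests, C2 host) against proxy
log lines and a file-digest inventory. Added example; the log and inventory
below are constructed, not captured from the sandbox run."""

from urllib.parse import urlparse

# Indicators copied from the report above.
C2_URL = "https://ws.lookonstars.tech"
APK_HASHES = {
    "md5": "c4c311915dd408fac880507dfb257742",
    "sha1": "d94dd0f7f95254eb7fc0be983007c136a56c9684",
    "sha256": "9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca",
    "sha512": "25a2723ea4a8e8d0a8dc9a7bce5b099ba97809de286313bd77869b89a42042b2"
              "f8ac50f95542afc94ea2d2e9b0ad9e22105b46ed6fc428fa53b140191035fd9d",
}


def c2_host(url: str) -> str:
    """Normalise the config's C2 URL to a bare lower-case hostname."""
    return (urlparse(url).hostname or "").lower()


def host_matches(observed: str, indicator: str) -> bool:
    """True for the C2 host itself or any child label under it. The parent
    zone (lookonstars.tech) is deliberately NOT matched: the report does not
    name it, and widening the indicator is an analyst decision, not a default."""
    observed = observed.lower().rstrip(".")
    return observed == indicator or observed.endswith("." + indicator)


def _target_host(target: str) -> str:
    """Host part of a proxy log target: a URL for GET, host:port for CONNECT."""
    if "://" in target:
        return urlparse(target).hostname or ""
    return target.rsplit(":", 1)[0] if ":" in target else target


def scan_proxy_log(log_text: str, c2_url: str = C2_URL) -> list:
    """Return (line_no, client_ip, host) for every line whose destination is
    the C2 host. Assumed line layout: time client METHOD target status."""
    indicator = c2_host(c2_url)
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line; skip rather than crash the sweep
        host = _target_host(parts[3])
        if host_matches(host, indicator):
            hits.append((n, parts[1], host.lower()))
    return hits


def scan_hash_inventory(inventory_text: str, hashes: dict = APK_HASHES) -> list:
    """Return (line_no, algorithm, path) for every inventory line whose digest
    is one of the APK's. Layout assumed: '<hex digest>  <path>'. Digests are
    compared case-insensitively, so upper-case tool output still matches."""
    wanted = {digest.lower(): algo for algo, digest in hashes.items()}
    hits = []
    for n, line in enumerate(inventory_text.splitlines(), 1):
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, path = parts
        algo = wanted.get(digest.lower())
        if algo:
            hits.append((n, algo, path.strip()))
    return hits


# Constructed proxy log: line 4 goes to the parent zone only and must not match.
PROXY_LOG = """\
2024-06-14T22:08:01Z 10.0.0.23 CONNECT ws.lookonstars.tech:443 200
2024-06-14T22:08:02Z 10.0.0.23 GET https://example.org/ 200
2024-06-14T22:08:05Z 10.0.0.41 CONNECT WS.LOOKONSTARS.TECH:443 200
2024-06-14T22:08:07Z 10.0.0.41 CONNECT lookonstars.tech:443 200
2024-06-14T22:08:09Z 10.0.0.58 GET https://ws.lookonstars.tech/ 200
"""

# Constructed inventory: line 3 is the 173KB workdb-wal digest from the report,
# a sandbox-run artefact that is intentionally not in APK_HASHES.
HASH_INVENTORY = """\
9073568a1855141fa0de08a35fb37216b8571bd92cc45a564af2d787e8924aca  /sdcard/Download/sample.apk
C4C311915DD408FAC880507DFB257742  /sdcard/Download/sample.apk
6685119492194b07f6a71702a637e86928ce31f1d93871abb9e262082fbb3c6b  /data/user/0/com.tencent.mm/no_backup/androidx.work.workdb-wal
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print("C2 contact:", hit)
    for hit in scan_hash_inventory(HASH_INVENTORY):
        print("APK present:", hit)
```

The host matcher treats the lower-cased CONNECT target and the URL form identically, which is what catches line 3 of the constructed log; it leaves the bare parent zone alone so that blocking all of lookonstars.tech stays an explicit choice rather than a side effect of the report's single hostname.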