General
-
Target
2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956.bin
-
Size
1.5MB
-
Sample
240615-115rzszgqp
-
MD5
b8a90d312d6d9acaa2ebcec019968126
-
SHA1
558dda73e42412b4bcd122557f2d4ccde8a2a0c1
-
SHA256
2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956
-
SHA512
3a9192cc3cdf0d7d40b3daac1cb94d5fd47dec401936ea598bb5f36c03443a42ad7ea056ce4dd451ebaec1ba4e6d36c776db9b9d111a86eaa341f3ea9f13b6bd
-
SSDEEP
49152:yNegqYuOhCwDsH1q5eIU/soZwnmNBIUdH:y9u4V7X2sijNzdH
Malware Config
Extracted
hook
http://URL_CONNECTION
Targets
-
-
Target
2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956.bin
-
Size
1.5MB
-
MD5
b8a90d312d6d9acaa2ebcec019968126
-
SHA1
558dda73e42412b4bcd122557f2d4ccde8a2a0c1
-
SHA256
2d19cbdd421ebf5024a12f4380d870d127a8b9348d7ababcced56c1bb8702956
-
SHA512
3a9192cc3cdf0d7d40b3daac1cb94d5fd47dec401936ea598bb5f36c03443a42ad7ea056ce4dd451ebaec1ba4e6d36c776db9b9d111a86eaa341f3ea9f13b6bd
-
SSDEEP
49152:yNegqYuOhCwDsH1q5eIU/soZwnmNBIUdH:y9u4V7X2sijNzdH
Score10/10-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Loads dropped Dex/Jar
Runs executable file dropped to the device during analysis.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-