General
-
Target
0d0c23a96dc90d431a8ce01f0cee1575.zip
-
Size
2.8MB
-
Sample
240618-ye9gyazbkq
-
MD5
0d0c23a96dc90d431a8ce01f0cee1575
-
SHA1
8605f8fb9d5de85b5bca0aa953ea2ea8df53cf84
-
SHA256
aea84ebd9c1194efa69033231fe055a9fa79f3e740825965ab2767c4f61b0531
-
SHA512
7858bdf897659898c018aa2191f87cac4effa93e95daf3c4e449bbbafad1ab8248df0bb97e599e7f81a3dad0ddb3041ad712c8198a1b8635ea0b09f4849fc7da
-
SSDEEP
49152:mAT2grdSkQvKiMqFnr8CJMtvlB0l1EIFWEog1cJXCDG9XU3g/KZ:mAT2g5TQSSlrxmdva1EUag1cX8eXKZ
Behavioral task
behavioral1
Sample
0d0c23a96dc90d431a8ce01f0cee1575.apk
Resource
android-x86-arm-20240611.1-en
Behavioral task
behavioral2
Sample
0d0c23a96dc90d431a8ce01f0cee1575.apk
Resource
android-x64-20240611.1-en
Behavioral task
behavioral3
Sample
0d0c23a96dc90d431a8ce01f0cee1575.apk
Resource
android-x64-arm64-20240611.1-en
Malware Config
Extracted
hook
http://91.92.254.104:3434
Targets
-
-
Target
0d0c23a96dc90d431a8ce01f0cee1575.zip
-
Size
2.8MB
-
MD5
0d0c23a96dc90d431a8ce01f0cee1575
-
SHA1
8605f8fb9d5de85b5bca0aa953ea2ea8df53cf84
-
SHA256
aea84ebd9c1194efa69033231fe055a9fa79f3e740825965ab2767c4f61b0531
-
SHA512
7858bdf897659898c018aa2191f87cac4effa93e95daf3c4e449bbbafad1ab8248df0bb97e599e7f81a3dad0ddb3041ad712c8198a1b8635ea0b09f4849fc7da
-
SSDEEP
49152:mAT2grdSkQvKiMqFnr8CJMtvlB0l1EIFWEog1cJXCDG9XU3g/KZ:mAT2g5TQSSlrxmdva1EUag1cX8eXKZ
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Obtains sensitive information copied to the device clipboard
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-