Analysis

  • max time kernel: 179s
  • max time network: 131s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 25-06-2024 22:01

General

  • Target: childapp.apk
  • Size: 2.8MB
  • MD5: 114bf0d5c6c6eefa3549ba6258485dd9
  • SHA1: 5ec88f000c78dbe85cf6e807e8ec28d144469bf8
  • SHA256: 1aa526105b85cad2400df93b3e30c53c5be4982ccde416bd8dc23a3dc2f7e0f5
  • SHA512: 5104c5b381c4e78273d3b9a6a427bd883588f24212352f75589418cdd8d5875f4482618ea300eda8900cbd16ab60c887451199fd5a24a3785facf9dc82057bad
  • SSDEEP: 49152:rKb7U+Oou2DyWx4UgDdaHnevfxrtDAK8FbQC1R9/oHzfv24R3hag0gK/Xx4g/ku:Z+OmiU+SevbD+bb/oz105Xou

Malware Config

Extracted

  • Family: hook
  • C2: http://1

Signatures

  • Hook

    Hook is Android malware based on Ermac, with RAT capabilities.

  • Removes its main activity from the application launcher 1 TTPs 3 IoCs
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries information about running processes on the device 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about running processes on the device.

  • Queries the phone number (MSISDN for GSM devices) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user 1 TTPs 37 IoCs

    Application may abuse the accessibility service to prevent its own removal.

  • Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

  • Reads information about the phone network operator. 1 TTPs
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
  • Requests enabling of the accessibility settings. 1 IoCs
  • Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • com.JiDpzrKa.WmqvXSVh (PID: 4249)
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Queries information about running processes on the device
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries information about the current Wi-Fi connection
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Requests enabling of the accessibility settings.
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    • Schedules tasks to execute at a specified time

Network

MITRE ATT&CK Matrix

Downloads

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb
    Filesize: 4KB
    MD5: f2b4b0190b9f384ca885f0c8c9b14700
    SHA1: 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
    SHA256: 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
    SHA512: ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-journal
    Filesize: 512B
    MD5: f625f8e400cd1d0463edb840e43dd3dc
    SHA1: a4fe45d2b9185e120aaae22da61449d37fda3924
    SHA256: c0c93f4da5d11ad140701ba492efd9108045684622b129d5e5237ae403602d7a
    SHA512: 208cdf75d7e2b5d6ecf2592fa0d1043d53fcf24c9b5ba7524aa9928b609a94d3796d52866ced02226a95473a95a74b2c35cba746ac45d0b1b9d4bd675d379071

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-shm
    Filesize: 32KB
    MD5: bb7df04e1b0a2570657527a7e108ae23
    SHA1: 5188431849b4613152fd7bdba6a3ff0a4fd6424b
    SHA256: c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
    SHA512: 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal
    Filesize: 16KB
    MD5: 135cac5b2ac1ad6ec666ded99da71f41
    SHA1: e7a36945210b5ac59f67109da4440685634506f0
    SHA256: c94b5bf7c8bd8b4dc5ad79361d144c1d93638a16683ced39eff51cd9b0d10061
    SHA512: b94acbc941b278ebfbba0b12d69c845c0b89acf9b68161c4d0fa58214122963198a97f0a2567c3372baa9f1725d212592ab0aeb1f64c4231ae4bf13062091e18

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal
    Filesize: 108KB
    MD5: 2af8c64d902f0b17de405794efd3ea46
    SHA1: 38d6fa956fad22de3ec36f04d36e661490542275
    SHA256: 33826c3369c5b9824ac0f5667efd5503bc5d35138cf8f60c3ae810142eef731f
    SHA512: 9deff53b00818ca67e339e5dae3cc12cfe43c78e7b87e99766c2722e405aa58b48f89a02089218e8f1d95e2988c14baa53aebef061198e3d484fc027ad67315f

  • /data/data/com.JiDpzrKa.WmqvXSVh/no_backup/androidx.work.workdb-wal
    Filesize: 173KB
    MD5: 407eec393a828da5a14c9a1d81732737
    SHA1: 9828682a3fb7837295549522257730a9dca8da9f
    SHA256: 421f7e769649014acff1cdaa7dfe1de8be1c88e804d67611a6815960c414dd77
    SHA512: b1508da74cad16da3164114034887fa2075eebbf5c3c65e5e39d6ae0629ee584db803060511e11c7376199372af9bb810def1f9ffa301d7b432d4fe45c86eff7