General
-
Target
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin
-
Size
1.1MB
-
Sample
240625-1yc9ysydlq
-
MD5
896a7930df223553ab0987fc69347f08
-
SHA1
b883764c91d17f30c17c1b587311d868c00840e6
-
SHA256
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b
-
SHA512
5c5fcedda68324d7ab9a4f7682894a5958e2c98c970e3ff2354359efff2ceae670cccc7456f40f14e56d4a8db84bc23ac6c013658c382eb952dd1752b729136e
-
SSDEEP
24576:JtwRisrnsWEE1xS8gwNzUn7x5WojLGzg/YFHaH:vsrAE108gwN8xgeGzg/FH
Behavioral task
behavioral1
Sample
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.apk
Resource
android-x64-arm64-20240624-en
Malware Config
Extracted
hook
Targets
-
-
Target
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b.bin
-
Size
1.1MB
-
MD5
896a7930df223553ab0987fc69347f08
-
SHA1
b883764c91d17f30c17c1b587311d868c00840e6
-
SHA256
f27356848d8d106272cd05be2778d147511cbafe75e9480d98a6f3ee91d3448b
-
SHA512
5c5fcedda68324d7ab9a4f7682894a5958e2c98c970e3ff2354359efff2ceae670cccc7456f40f14e56d4a8db84bc23ac6c013658c382eb952dd1752b729136e
-
SSDEEP
24576:JtwRisrnsWEE1xS8gwNzUn7x5WojLGzg/YFHaH:vsrAE108gwN8xgeGzg/FH
-
Hook
Hook is an Android malware that is based on Ermac with RAT capabilities.
-
Makes use of the framework's Accessibility service
Retrieves information displayed on the phone screen using AccessibilityService.
-
Queries information about running processes on the device
Application may abuse the framework's APIs to collect information about running processes on the device.
-
Queries the phone number (MSISDN for GSM devices)
-
Acquires the wake lock
-
Makes use of the framework's foreground persistence service
Application may abuse the framework's foreground service to continue running in the foreground.
-
Performs UI accessibility actions on behalf of the user
Application may abuse the accessibility service to prevent their removal.
-
Queries information about the current Wi-Fi connection
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
-
Queries the mobile country code (MCC)
-
Reads information about phone network operator.
-
Requests disabling of battery optimizations (often used to enable hiding in the background).
-
Requests enabling of the accessibility settings.
-