GroDDViewer: Xsser mRAT Code4HK

Sample name: code4hk

Malware family:

Android spyware

Sample description:

The sample creates a hidden .qq directory on the sdcard and copies a temp.apk file into it. The process com.v2 corresponds to the first application installed, and the process called com.v1 corresponds to the process after the update of the application.

File details:

  • MD5 : 15e5143e1c843b4836d7b6d5424fb4a5
  • SHA256 : fe1df17ab903979223e5eb514ffe24f72d540ad26f959201133f30a1346870df
  • Size : 400.1 KB

System Flow Graph:

[Interactive graph. Legend: process, file, socket.]