malware Hook & Ermac

Please note that this user is banned
Thanks, this option works too, but how can this be done via SSH without changing the user?
Sorry for late response, if u haven't already fixed it try that
It's easier with the apps I said, look at this picture in attachment
Anyway u can try the following commands to create new root user:
Connect to the MySQL docker:
-docker exec -it hook__panel_mysql bash
Then connect to the MySQL database:
-mysql -u root -p
Enter the mysql root password which u entered in .env file:
Create new user:
-CREATE USER `user666`@`%` IDENTIFIED BY `pass666word`;
Grant all permissions:
-GRANT ALL PRIVILEGES ON *.* TO `user666`@`%` WITH GRANT OPTION;
-FLUSH PRIVILEGES;

I don't know if it will work but u can try it if u don't want to use app

raywood what do u mean, what is not possible? Fixing Hook with the Payload files of Ermac 2.0?
I assume the payloads r very similar, since it's from the same dev and Hook was created shortly after Ermac; he for sure used many of the same things, he did not begin to dev Hook from zero, and a few Kotlin files r copies from other users which he slightly changed, like the filenames :D
Anyway I know a few people who have Ermac 2.0 and unofficial 3.0, I will ask if they could send me the files I need
I am currently adding A14 support since no permissions will be automatically granted on my Samsung phone which just got the Android 14 update

Was anybody successful in just FUD the APK? I have no chance, I tried everything I can. When somebody knows it it would be nice from him to share with us :)
 

You can look at ermac and hook requests for bot connection and commands.
hookbot: api/v1/getUsers etc.
ermac: api/blabla

Backend is totally different. The big difference is APK also. Somewhere there is an Ermac builder but nobody shares it bc of the antivirus companies.
Bc after the shared ermac builder, all guys will start to use then same effect like always leaked malware/bots in history.
 
then we upload the hook bot panel to /var/www
unzip namefileshookpanel.zip

what is the hook bot panel? I don't see namefileshookpanel.zip, I only have Android.Stealer.Hook.7z and Android.Stealer.Hook.Builder.7z, did I download it wrong? Is there any detailed video instruction? I am a noob
 
Please note that this user is banned
I have one APK from Ermac 2.0 and it's a bit smaller but it doesn't look so much different than the APK from Hook
I may can get the needed files but it's hard to talk with em cuz he want at first to know how to FUD the APK then he would send the files, anyway I try to get the files
I tried anything I know to make it FUD but I don't have so much experience with crypting APK
I've fixed many things in the builder but I can't test it cuz i have one just small problem in one file, I made it A14 compatible and fixed other things
 
Please note that this user is banned
First need an Ubuntu VDS. Bc of a lot of docker images, containers etc.
You can also deploy it locally for testing, but the Docker files need to be edited. A server is only needed for production.
 
Please note that this user is banned
I'll use a very cheap vps around 12$, monthly, and it's very very fast. Hook is installed in minutes..
contabo if anybody knows them, I'll have VPS M with NVMe, they offer too Docker Ubuntu vps ready but this docker is not compatible with the Hook dockers as they're using the newest version of docker and we need the older version, it's not so difficult to port the hook Dockers to the newest version but there is no reason for it but it's better to choose the docker image vps and then remove it cuz something on the network configuration is changed when using docker image vps
They have too vds but vds is expensive and I see no reason to choose a vds
 
You can deploy it locally for testing, but the Docker files need to be edited. Production already requires a server.
I am testing it on Kali, which is based on Debian. I thought Android.Stealer.Hook.7z was a Docker image; maybe I was wrong. I looked at Readme.MD, but it does not seem to have helped me. Have you guys managed to install Hook successfully?
 
Please note that this user is banned
My created APK is now about 3,5mb big not just 1mb but I can't test now on a panel cuz my vps provider suspended my account :D
I changed so many things, connection speed should be around 30% better now too. And I never coded in my life but kotlin or java seems not so difficult a language.
We need a bulletproof server but they r expensive and don't have such a good hardware
can anybody recommend a vps?

Anyway, I will try it on a VM

xsTao I am not sure if it works too on Debian as they have other packages, just try the command which is here provided to install it.....or I can install it for u, when u have telegram then PM me if u want
 
It seems I got everything mixed up; maybe I should follow the instructions in Readme.MD again. It seems I need to edit the .env file correctly before typing make build. But the .env parameters are a bit hard to understand.
 
Please note that this user is banned
xsTao there is nothing difficult to understand in the .env file
Don't use the empty .env file which doesn't have any entries, u'll need for example the Golang key and other things
There is already a ready made .env file where u just need to add ur IP where u see {ip} in this example file
and if u want change the MySQL passwords, but not needed...
and add ur Timezone in the correct format like Europe/Vienna...it's also okay to leave this entry as UTC
then make a telegram bot for hook and add the bot token, that's it, more is not needed to do in this file, just pick the ready made file up not this one u showed us

If needed change the Ports but that depends on u and ur vps or whatever.
Then delete the .env and .env.production files in golang and frontend folder at best. Not the example files.
then just use the command make install && make ports && make env && make build

That's it, the files can be stored in any folder, also make sure to use the command chmod 777 * before installing, when u r inside the folder
 
hello can someone help me, i followed the video tutorial and also the guide, it always shows these errors
I do this after i edit my vps ip in the env file

rm -rv golang/.env && rm -rv frontend/.env && rm -rv frontend/.env.production

make ports && chmod 777 *

make install && make env

make build

reboot

sudo su

cd /var/www

make build

make build

reboot

http://"ip address"

token: root
password: changemeplease

but these errors still show
 

Please note that this user is banned
The error says that you need to configure the MySQL database: create the login, password, root, password, host.
 
All you need to do when you get this error is build again: run the command make build 3 times and reboot
 
did you do the nano .env good

This is what works for me

BACKEND_INTERFACE=0.0.0.0
BACKEND_PORT=8089
BACKEND_URL=http://{IP}:8089/
BACKEND_DEBUG=true
SOCKET_IO_URL=http://{IP}:3434
FRONTEND_URL=http://{IP}

FRONTEND_INTERFACE=0.0.0.0
FRONTEND_PORT=80

MYSQL_PORT=3306
MYSQL_DATABASE=hook
MYSQL_USER=no-root
MYSQL_ROOT_PASSWORD=ZDVdkJdkkskdkskS
MYSQL_PASSWORD=N7OkdksWKskkdD
MYSQL_HOST={IP}

PHP_SOCKETS_PORT=8000
PHP_TCP_PORT=12342

GOLANG_PORT=3434
GOLANG_KEY=1A1zP1eP5QGefi2DMPTfTL5SLmv7Divf
GOLANG_INITIAL_VECTOR=0123456789abcdef

TIMEZONE=UTC

TELEGRAM_TOKEN={yourtoken}
 
yes i did i changed to my vps ip
 

