990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646

Analysis

max time kernel
1564577s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20231211-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20231211-enlocale:en-usos:android-11-x64system
submitted
12/12/2023, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646.apk
Size

406KB
MD5

369ca8fd7af4865752c2241884e3b2cf
SHA1

ef4ea8f1ed83abbac62ed75b74cbf9c815887b3b
SHA256

990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646
SHA512

1dfd768f803959f8e79331459fabb5fe5b7fed6550b952ac734f41b694ec2a72811ec34b5ae88fc2d444221ba77df4b384c95f58442b0eb138a9a497a800914c
SSDEEP

12288:9oIrRitNNC4ZulrkFAIlniM2XtQHKvZIcaEWI:9oCo922bWXKHKvHdX

Score

8^/10

stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 IoCs

stealth trojan

pid	Process
4434	com.photo.android.p

Requests cell location 1 IoCs

Uses Android APIs to to get current cell location.

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.photo.android.p

Tries to add a device administrator. 1 IoCs

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.photo.android.p

Reads information about phone network operator.

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.photo.android.p

com.photo.android.p
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4434

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.photo.android.p/databases/dynamicamapfile.db

Filesize
12KB

MD5
f41f531c07d4141546a531ff9caffdcd

SHA1
9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5

SHA256
bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646

SHA512
e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
ff72443c4284ceb0b2fcec62623290dd

SHA1
1c8b8df812cb13adf735f0105ac07be5f305b018

SHA256
5c91b8569e242ef0df0bcbce0597120041bcce5557893a3a65cef6a48ce662b7

SHA512
b6899632512a6b6d27da1b301faf20c8321cd1f90311862e2fe96d5171ef4cdc95aa2c339e125db8646c4b44a199e2285a0f88781ac1507b3743e59575456e3c

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
6a2669c5d4c4ba2fa81354cfd1d86feb

SHA1
b2425a930755ad9fae81deeb0012863051453c82

SHA256
03b65ceca5b98c3edbb8a0cd7b4fa09372a1f7a3bbe70efd85ab3fb17b14e208

SHA512
842a41e42d89a11d72e61f0116aff87ed3801e5bc1058028e61816c377f10441a5117f7c3bfa43336defc185d87ef534f77c4937397e21a789c7e765125c80cd

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
9e8e70467e67fbd9cd12c3971063e528

SHA1
5fc209d06db0b1096cc89abea12f92a7e9606516

SHA256
b65444cf777b1b031bf33eb9da4fed56c6f6a10fb3e28262ecb797c07df3132e

SHA512
6ab6ad4bc1b11b6e41e5bab4a794526cfb8b51087a670a638e8ea7a82d1562ced88fdbe4438435414dc1f5fe165d81d7ce92c2e69618b9234d439e5c68744271

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb-journal

Filesize
512B

MD5
1324fc104ff4ccb07a6eda73c14123c9

SHA1
484c5019fb383b0464f2ad131f51ad5ed111659a

SHA256
9a354ccaee6e71ad0f3446edd8901d41f864055b0dc9e52adf96b096aecf90f1

SHA512
348905e67dd14a3b89b13d9c4e9897a4901c0d51f14cc6718a96fb72dee073077210c16403e6d11ade15227b193e6d2df646aa2e710182f9750bd39cba2ab9a1

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb-journal

Filesize
8KB

MD5
2b15bf910920712b2ff02631de2a00d6

SHA1
3518efe339ff8104c0a955615cc98fa12fdb330a

SHA256
71232b41219516e9013e8cb44a6cfb855a5b8d097bfea1a0f82810debe902659

SHA512
183531e3ceea91b35d19c104695ef048102bcff5f289e51acbbbbf0730436179103d7c6fc7df8e2638b50d0f2ae4161266949c667962a821fa6f079ddd035aa0

Download Submit