d0c731d59840fcce7501aa8ee9f4d27a51ca93b7c8dba2b4a1ed4d2042f5e208

Analysis

max time kernel
152s
max time network
148s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/03/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0c731d59840fcce7501aa8ee9f4d27a51ca93b7c8dba2b4a1ed4d2042f5e208.apk
Size

1.1MB
MD5

4779935c1795f4781e6377a0354479af
SHA1

e4236a3efe61395ae419040e7dbaaa135b63c7c7
SHA256

d0c731d59840fcce7501aa8ee9f4d27a51ca93b7c8dba2b4a1ed4d2042f5e208
SHA512

2405909de77f2e4f0245075d4cb2c0146151b2e4d9c1f853d7a2e355c6a0b811dc0b6d19cd8a01d839ee54f2424817bda4b4ce4d48850545b4916ccd3b3e4a94
SSDEEP

24576:mTVRRLzr4iyB8IM+mD7kn1sgEH+QBURFfFJNzsQn+bogDFqpmvCXY0:mxRtr4mgnn1HEFwVds++bpFqpmCz

Score

8^/10

evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5034	com.fanta.services

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.fanta.services

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.fanta.services

com.fanta.services
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Uses Crypto APIs (Might try to encrypt user data)
PID:5034

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.fanta.services/databases/fanta.db

Filesize
28KB

MD5
4abfdbe07fb911bd6c04acb9ac8cbb3c

SHA1
a675e2941c6ea9e4b85a0232ef19420c7a54cc0d

SHA256
2b3c34398b0f6c614fd41240aab92142ad0101ea58cab263e791c98f9ad8f3d4

SHA512
bc75e4c7071934cfe0338d360b63574949ffe10bb6b828a67f730f9b7aa093f095764d45784a549c08e01690f420cf469fac87b51ca11888d6c894eab89780bd

Download Submit
/data/data/com.fanta.services/databases/fanta.db-journal

Filesize
512B

MD5
c5f6fab3e0c64f524e2ff2078dfa28f0

SHA1
36477003e95c1125b0eded770514aa15656ea671

SHA256
23a710f0edcf86745049ac0a8541ba5a5f5f954a8dfbbb5dbcf208e17c539f02

SHA512
5e99631937d0862c009779a2426e6d236beace9f2992b4deb6c832239f29d209f3c908e38941a9f50e253d1fcf5537653b15c2f9df6e27ee9bde809083455bca

Download Submit
/data/data/com.fanta.services/databases/fanta.db-journal

Filesize
8KB

MD5
48c122cbf155828857d51e0d2aa671be

SHA1
c450a9ab793de56466b5ac797f2ebb55a4f940a1

SHA256
ee56caef22e5630f16b153d0e3ec34874c0956e2e17a50e5a5725572c2a32fdb

SHA512
e881c52af6499b06dd0cf4146be295472d3b01d0c15593df8646854050f9e53af8fe3a326c30f3eedee7cd8c36d50dd29a8fcb4ac61eb3afc4d9e7d427f80550

Download Submit
/data/data/com.fanta.services/databases/fanta.db-journal

Filesize
8KB

MD5
a0e2c7420f238b8711b474899d9f1f28

SHA1
b7eb4c72af5f9724ad9ec6403c67988acd9ed838

SHA256
1b3412457508274405627ce0962b3955384955d2d6ddeab6ffaf365831c076cb

SHA512
6c17d4d0b8c943076274d39239b8f16e564b47287d81fc1a69f495424341ec6aa15544af66ca3933b2ca10b1e8bcf9ba4b964524b68a912f500f36dc4931715e

Download Submit