Malware Analysis Report

2025-01-19 05:34

Sample ID: 240313-ppf4psef63
Target: 1773821368ba2d64667bbeecce5d6b42c943e6e93a7ba435cf420ae97d4c7b2c
SHA256: 1773821368ba2d64667bbeecce5d6b42c943e6e93a7ba435cf420ae97d4c7b2c
Tags: evasion stealth trojan
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Mobile Matrix V15)
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

SHA256: 1773821368ba2d64667bbeecce5d6b42c943e6e93a7ba435cf420ae97d4c7b2c

Threat Level: Likely malicious

The file 1773821368ba2d64667bbeecce5d6b42c943e6e93a7ba435cf420ae97d4c7b2c was found to be: Likely malicious.

Malicious Activity Summary

Tags: evasion stealth trojan

Removes its main activity from the application launcher (observed in behavioral1, behavioral2 and behavioral3)

Requests dangerous framework permissions (static1)

MITRE ATT&CK (Mobile Matrix V15)

The report itself records no technique mapping. The launcher-icon removal listed above corresponds to Suppress Application Icon (T1628.001, a sub-technique of Hide Artifacts) in the ATT&CK Mobile matrix.

Analysis: static1

Detonation Overview

Reported: 2024-03-13 12:30

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Both permissions carry the "dangerous" protection level, so on API 23 and later they are granted at runtime through a user prompt rather than at install time; their presence in the manifest shows intent, not access actually obtained (the behavioral runs below do not record whether either prompt was accepted). WRITE_EXTERNAL_STORAGE grants no additional access to apps targeting API 30 or later because of scoped storage. Neither permission has an obvious purpose for an app packaged as health tips.
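The static check behind this signature, as an added example that is not part of the sandbox report: parse a decoded AndroidManifest.xml (as produced by apktool or aapt2), flag the requested permissions whose protection level is dangerous, and list the activities that carry a MAIN/LAUNCHER intent filter, which is what the behavioral runs later see disappear. The embedded manifest is constructed for illustration; the package name and the two dangerous permissions come from the report, while the component names, the INTERNET permission and the DANGEROUS set are assumptions.

```python
"""Static triage of a decoded AndroidManifest.xml.

Added example, not code from the report or the analysed app. The manifest text
below is constructed: package name and the two dangerous permissions are taken
from the report; everything else in it is an assumption.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Subset of permissions with protection level "dangerous" (runtime-granted on
# API 23+). Assumed list; extend it from the platform manifest for full coverage.
DANGEROUS = {
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.tuneonn.healthtips">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Health Tips">
        <activity android:name=".MainActivity">
            <intent-filter>
                <action android:name="android.intent.action.MAIN"/>
                <category android:name="android.intent.category.LAUNCHER"/>
            </intent-filter>
        </activity>
        <activity android:name=".SettingsActivity"/>
        <service android:name=".TimerService"/>
    </application>
</manifest>
"""


def _attr(el, name):
    """Read an attribute from the android: namespace."""
    return el.get("{%s}%s" % (ANDROID_NS, name))


def dangerous_permissions(manifest_xml):
    """Requested permissions that fall in the dangerous protection level."""
    root = ET.fromstring(manifest_xml)
    requested = [_attr(p, "name") for p in root.iter("uses-permission")]
    return sorted(p for p in requested if p in DANGEROUS)


def launcher_activities(manifest_xml):
    """Fully qualified names of activities that expose a launcher icon."""
    root = ET.fromstring(manifest_xml)
    pkg = root.get("package")
    found = []
    for act in root.iter("activity"):
        for f in act.findall("intent-filter"):
            actions = {_attr(a, "name") for a in f.findall("action")}
            cats = {_attr(c, "name") for c in f.findall("category")}
            if ("android.intent.action.MAIN" in actions
                    and "android.intent.category.LAUNCHER" in cats):
                name = _attr(act, "name") or ""
                # ".MainActivity" is shorthand for "<package>.MainActivity"
                found.append(pkg + name if name.startswith(".") else name)
                break
    return found


def triage(manifest_xml):
    return {
        "dangerous": dangerous_permissions(manifest_xml),
        "launcher": launcher_activities(manifest_xml),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

The launcher list is the baseline to compare against after detonation: an activity that is present here but disabled on the device afterwards is the concrete indicator behind the "removes its main activity" signature.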

Analysis: behavioral3

Detonation Overview

Submitted: 2024-03-13 12:30
Reported: 2024-03-13 12:32
Platform: android-x64-arm64-20240221-en
Max time kernel: 155s
Max time network: 164s

Command Line

com.tuneonn.healthtips

Signatures

Removes its main activity from the application launcher

Tags: stealth trojan evasion

No indicator, process or target details were recorded for this signature; the report states only that the launcher entry disappeared during detonation. The usual way an app does this is PackageManager.setComponentEnabledSetting() with COMPONENT_ENABLED_STATE_DISABLED on its own MAIN/LAUNCHER activity (or an activity-alias), which leaves the package installed and its services running while the icon vanishes from the app drawer. On Android 10 and later the stock launcher synthesizes an icon for most installed apps that expose no enabled launcher activity, so how well this works depends on the Android version and launcher of the target device; the report does not state the Android version of its platform images.

Processes

com.tuneonn.healthtips

Network

Country  Destination          Domain                     Proto
GB       142.250.200.46:443   -                          tcp
GB       142.250.200.46:443   -                          tcp
N/A      224.0.0.251:5353     -                          udp
GB       172.217.169.46:443   -                          udp
US       1.1.1.1:53           w.gtrconf.info             udp
US       3.141.96.53:80       w.gtrconf.info             tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.180.8:443    ssl.google-analytics.com   tcp
GB       216.58.212.228:443   -                          tcp
GB       216.58.212.228:443   -                          tcp

Rows without a domain are connections the sandbox could not tie to a DNS answer; the 142.250.x, 172.217.x and 216.58.x addresses are Google front-ends (the 443/udp flow is QUIC) and 224.0.0.251:5353 is local mDNS. The one destination outside Google, the sandbox's 1.1.1.1 resolver and mDNS is w.gtrconf.info, resolved and then contacted over plaintext HTTP on port 80; it is present in all three behavioral runs and is the indicator to pivot on.

Files

Both paths are in the app's private data directory (/data/user/0/<pkg> and /data/data/<pkg> are the same directory; the latter is a symlink). Their hashes differ in every run, so the contents are run-dependent rather than static assets unpacked from the APK, and Timer is listed twice because it was rewritten during detonation.

/data/user/0/com.tuneonn.healthtips/files/Config

MD5 266498062a5396207fdac7677f8c7ab4
SHA1 291c49ed209258a11ea84048a7d7a43e82586f0a
SHA256 94686edd94606edcda44f97b53f1718046528de7dbcb7ce5c510daf022a8dede
SHA512 0fd6bb1970dd9e9b9e2c7f368402c9f3108e37eca8384967a7a4b3851f872adaf1ec415e51b70cf5f7b1dd06e6fc461b3d22105be982ca7c84ff2ccc32d536a1

/data/user/0/com.tuneonn.healthtips/files/Timer

MD5 96572ae414fdb16367efeb21ddcc0469
SHA1 eab63c8d8c46288b479c61004b28f95288a0d907
SHA256 6c7e9a1703eaa983e5a6066739aa5e1d5e6f39ee079129521152ca52d5abba6f
SHA512 89c7b092bb499a6abfa99745c020cbbe59e93451f3af0281bad387e7e7128434293e84c2d80b9d52cf2486562722e3a581788788c08c02de01b371f56acfc4aa

/data/user/0/com.tuneonn.healthtips/files/Timer

MD5 48342ac8e517b7434942c0573e105ec1
SHA1 b806f3134d3579ea0c2dd981e6383d8a6f510915
SHA256 49206517f076ad2b53cce11e86c8680ab5a3a1a4424bd54d4ea7e03973538fd8
SHA512 78bdb31e251b6d12aefe62b1e1a298d7c701999d12dd817c7254511480f46049e9ef11eab481aab09ade8b545c37d0b9270719459010abaca4649af2ea38b5b1

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-13 12:30
Reported: 2024-03-13 12:32
Platform: android-x86-arm-20240221-en
Max time kernel: 150s
Max time network: 132s

Command Line

com.tuneonn.healthtips

Signatures

Removes its main activity from the application launcher

Tags: stealth trojan evasion

No indicator, process or target details were recorded for this signature.

Processes

com.tuneonn.healthtips

Network

Country  Destination          Domain                     Proto
GB       216.58.212.195:443   -                          tcp
GB       216.58.212.195:443   -                          tcp
N/A      224.0.0.251:5353     -                          udp
US       1.1.1.1:53           w.gtrconf.info             udp
US       3.20.137.44:80       w.gtrconf.info             tcp
GB       142.250.187.206:443  -                          tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.187.206:443  android.apis.google.com    tcp

Files

/data/data/com.tuneonn.healthtips/files/Config

MD5 0d2c8c3ed1b3ab72e2df454f54598e7c
SHA1 7e505e1c6f80686de315bc22a06585f25915fbf2
SHA256 94d5887ef857bd018a1606eafb20e61c319c38a63208bca1a9651aa4a132135e
SHA512 d5962fe12b0a481f08cec17475e292d2a171b662d4e976aa3288a56d1727796254fb50b1673ed1c89be33843c8e1436ca6daf82d19b18d993b45e7c6e8f7c9dd

/data/data/com.tuneonn.healthtips/files/Timer

MD5 4304c7415ff67be90496ea1ef90e686e
SHA1 9e44aa7a8c5bfc45c04db5cf5e221dddb0e388e7
SHA256 a7d0dba3fd8dbb1fec54bc7c0709c5e4d6af377827df22cfdb0571ee97f02950
SHA512 5ebeec34c93ffb873fd383275bf88b493490f193dfc565179eec7a00f92e88409242daefdafa6d06b87113ba6ab8aa22855bf0d2e9788deae07a6767a1ed0973

/data/data/com.tuneonn.healthtips/files/Timer

MD5 93e967055c2ca0fd170677de3cb89402
SHA1 aef0ef1c104c6b9ca339b4f0a5ae2fd6d7f19daf
SHA256 71d971c42bd55babbadfa2fa340cd06afe641fac6b5c1ba461faf3ba0ce15d2d
SHA512 ea0a8fa8f9a316ecd80b4ec11515a4f09c95ccb2c7c764f0c6aac1e69106f05ab0c5f80e01dcbfe7372bb0c0a5f259ce79bf30f29d12f9a3140dee9423391636

Analysis: behavioral2

Detonation Overview

Submitted: 2024-03-13 12:30
Reported: 2024-03-13 12:32
Platform: android-x64-20240221-en
Max time kernel: 150s
Max time network: 154s

Command Line

com.tuneonn.healthtips

Signatures

Removes its main activity from the application launcher

Tags: stealth trojan evasion

No indicator, process or target details were recorded for this signature.
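The post-detonation check a practitioner would run for the signature reported in behavioral1, behavioral2 and behavioral3, as an added example that is not part of the report: parse the text of `adb shell dumpsys package com.tuneonn.healthtips`, list the activities registered for MAIN with the LAUNCHER category, and intersect them with the package's disabledComponents list; the same dump also shows which dangerous runtime permissions were actually granted. The dumpsys excerpt is constructed: its line layout follows the AOSP package dump, the package name comes from the report, and the component names, hash values and permission states are assumptions.

```python
"""Check a `dumpsys package <pkg>` dump for a disabled launcher activity.

Added example, not code from the report. SAMPLE_DUMPSYS is a constructed
excerpt: package name from the report, everything else assumed.
"""
import re

SAMPLE_DUMPSYS = """\
Activity Resolver Table:
  Non-Data Actions:
      android.intent.action.MAIN:
        43f1a2b com.tuneonn.healthtips/.MainActivity filter 7c0d9e1
          Action: "android.intent.action.MAIN"
          Category: "android.intent.category.LAUNCHER"
        5a9c0e2 com.tuneonn.healthtips/.SettingsActivity filter 1b2c3d4
          Action: "android.intent.action.MAIN"
          Category: "android.intent.category.DEFAULT"

Packages:
  Package [com.tuneonn.healthtips] (1e2f3a4):
    userId=10123
    versionName=1.0
    User 0: ceDataInode=0 installed=true hidden=false suspended=false stopped=false notLaunched=false enabled=0 instant=false virtual=false
      runtime permissions:
        android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ USER_SET|USER_SENSITIVE_WHEN_GRANTED]
        android.permission.WRITE_EXTERNAL_STORAGE: granted=false, flags=[ USER_SENSITIVE_WHEN_DENIED]
      disabledComponents:
        com.tuneonn.healthtips.MainActivity
"""

# "<hash> <pkg>/<class> filter <hash>" lines of the activity resolver table
COMPONENT_RE = re.compile(
    r"^\s+[0-9a-f]+ (?P<pkg>[\w.]+)/(?P<cls>[\w.$]+) filter [0-9a-f]+$")
# "<permission>: granted=<bool>, flags=[...]" lines of the runtime permission list
PERM_RE = re.compile(
    r"^\s+(?P<perm>android\.permission\.\w+): granted=(?P<granted>true|false)")


def _qualify(pkg, cls):
    """Expand the shorthand ".MainActivity" form to a fully qualified name."""
    return pkg + cls if cls.startswith(".") else cls


def launcher_components(dump):
    """Components whose MAIN intent filter also carries the LAUNCHER category."""
    found, current = [], None
    for line in dump.splitlines():
        if line.startswith("Packages:"):
            break  # resolver tables precede the package records
        m = COMPONENT_RE.match(line)
        if m:
            current = _qualify(m.group("pkg"), m.group("cls"))
        elif current and 'Category: "android.intent.category.LAUNCHER"' in line:
            if current not in found:
                found.append(current)
    return found


def disabled_components(dump):
    """Entries under the per-user "disabledComponents:" list."""
    found, collecting = [], False
    for line in dump.splitlines():
        stripped = line.strip()
        if stripped == "disabledComponents:":
            collecting = True
            continue
        if collecting:
            # component names are bare; the list ends at the next key/value line
            if not stripped or ":" in stripped or "=" in stripped:
                collecting = False
            else:
                found.append(stripped)
    return found


def granted_permissions(dump):
    """Runtime permissions reported as granted=true."""
    perms = []
    for line in dump.splitlines():
        m = PERM_RE.match(line)
        if m and m.group("granted") == "true":
            perms.append(m.group("perm"))
    return sorted(perms)


def hidden_launcher_activities(dump):
    """Launcher activities that are now disabled: the icon-hiding indicator."""
    disabled = set(disabled_components(dump))
    return [c for c in launcher_components(dump) if c in disabled]


if __name__ == "__main__":
    print("launcher:", launcher_components(SAMPLE_DUMPSYS))
    print("hidden:", hidden_launcher_activities(SAMPLE_DUMPSYS))
    print("granted:", granted_permissions(SAMPLE_DUMPSYS))
```

Take one dump before launching the sample and one after the detonation window; an activity that moves from the launcher list into disabledComponents between the two is the evidence to attach to the signature. The dump alone does not say who disabled the component (the app, the user or `pm disable`), so pair it with the app's own call to setComponentEnabledSetting() in a trace or in the decompiled code before attributing the change to the sample.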

Processes

com.tuneonn.healthtips

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
US       1.1.1.1:53           w.gtrconf.info             udp
US       3.141.96.53:80       w.gtrconf.info             tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       172.217.169.40:443   ssl.google-analytics.com   tcp
GB       142.250.200.46:443   -                          tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       142.250.200.14:443   android.apis.google.com    tcp
GB       216.58.212.228:443   -                          tcp
GB       216.58.212.228:443   -                          tcp
GB       172.217.169.66:443   -                          tcp
GB       172.217.169.14:443   -                          tcp
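Collapsing the three per-run Network tables into one view, as an added example that is not part of the report: the rows are copied from the behavioral1, behavioral2 and behavioral3 tables above, DNS rows are used to name domains while connection rows supply the resolved addresses, and anything not under a benign Google suffix is returned as a candidate IOC. The noise set (mDNS and the sandbox's 1.1.1.1 resolver) and the benign-suffix allowlist are assumptions made here, not something the report states.

```python
"""De-duplicate this report's Network tables and extract candidate IOCs.

Added example, not part of the report. RUNS holds the rows copied from the
three behavioral runs; NOISE and BENIGN_SUFFIXES are assumed classifications.
"""
import ipaddress
from collections import defaultdict

RUNS = {
    "behavioral3": """
GB 142.250.200.46:443 tcp
GB 142.250.200.46:443 tcp
N/A 224.0.0.251:5353 udp
GB 172.217.169.46:443 udp
US 1.1.1.1:53 w.gtrconf.info udp
US 3.141.96.53:80 w.gtrconf.info tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.180.8:443 ssl.google-analytics.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp
""",
    "behavioral1": """
GB 216.58.212.195:443 tcp
GB 216.58.212.195:443 tcp
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 w.gtrconf.info udp
US 3.20.137.44:80 w.gtrconf.info tcp
GB 142.250.187.206:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
""",
    "behavioral2": """
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 w.gtrconf.info udp
US 3.141.96.53:80 w.gtrconf.info tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 172.217.169.40:443 ssl.google-analytics.com tcp
GB 142.250.200.46:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.14:443 android.apis.google.com tcp
GB 216.58.212.228:443 tcp
GB 216.58.212.228:443 tcp
GB 172.217.169.66:443 tcp
GB 172.217.169.14:443 tcp
""",
}

# Sandbox plumbing rather than sample behaviour (assumed): mDNS and the resolver.
NOISE = {("224.0.0.251", 5353, "udp"), ("1.1.1.1", 53, "udp")}
BENIGN_SUFFIXES = (".google.com", ".google-analytics.com")


def parse_rows(text):
    """Rows are 'Country Destination [Domain] Proto'; the domain is optional."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) not in (3, 4):
            raise ValueError("unexpected row: %r" % line)
        ip, port = parts[1].rsplit(":", 1)
        ipaddress.ip_address(ip)  # reject malformed addresses early
        rows.append({"country": parts[0], "ip": ip, "port": int(port),
                     "proto": parts[-1],
                     "domain": parts[2] if len(parts) == 4 else None})
    return rows


def summarize(runs):
    """Group observations by domain; keep domain-less endpoints separately."""
    by_domain = defaultdict(lambda: {"ips": set(), "ports": set(), "runs": set()})
    unattributed = defaultdict(set)  # "ip:port/proto" -> runs that saw it
    for run, text in runs.items():
        for r in parse_rows(text):
            noise = (r["ip"], r["port"], r["proto"]) in NOISE
            if r["domain"] is None:
                if not noise:
                    unattributed["%s:%d/%s" % (r["ip"], r["port"], r["proto"])].add(run)
                continue
            d = by_domain[r["domain"]]
            d["runs"].add(run)
            if not noise:  # a DNS row names the domain but not its address
                d["ips"].add(r["ip"])
                d["ports"].add("%d/%s" % (r["port"], r["proto"]))
    return by_domain, unattributed


def candidate_iocs(runs):
    """Domains (with resolved addresses) outside the benign allowlist."""
    by_domain, _ = summarize(runs)
    return {dom: info for dom, info in by_domain.items()
            if not dom.endswith(BENIGN_SUFFIXES)}


if __name__ == "__main__":
    for dom, info in candidate_iocs(RUNS).items():
        print(dom, sorted(info["ips"]), sorted(info["ports"]), sorted(info["runs"]))
```

On this report the only candidate is w.gtrconf.info, reached over 80/tcp at 3.141.96.53 and 3.20.137.44 across the three runs; the domain-less Google endpoints stay in the unattributed bucket so they can be checked against an IP allowlist rather than silently dropped.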

Files

/data/data/com.tuneonn.healthtips/files/Config

MD5 2170a82a918e3a83d09359e8713d3f97
SHA1 9c39adab54d53e6586d0a272ee639bd0c747ab5a
SHA256 7085db88ae7bb390a23a2c52f3a58da0b10f8c5fc75c56d2dd1f938839e30f95
SHA512 49e7c846a54c5eb16a5df767e8d9784f63da8de3fc66788bfe77c116a06032a516c4f8c2e6ff0b1aa86139687f38cb1ee9cc333b705327e28c4ce772b95dc3ed

/data/data/com.tuneonn.healthtips/files/Timer

MD5 52afe9b5e624c6f5bcb9fb043a0fb6f3
SHA1 c2c7b3a262f70577c6165d49890649283439b1c8
SHA256 8ded5d996f7dbe3c48c739b70b685c31a573eee8cc01b8634c86914a934a8ede
SHA512 82a70a515045c3f53726b10466ecbfb9e865693cae6421fd20f808e7e40af39bcaf7f1a0a4699a4d70718e9f5ba16ac7c5078e95fc7f59a25cd3f8d1b3e19c62

/data/data/com.tuneonn.healthtips/files/Timer

MD5 53a1b1e09680ae942edb44f2baa66d51
SHA1 718fa79e6d70b625604820b37656b8592bd23e16
SHA256 1af56607c65aec630f119a95a5ae5ca7f9f968ab53470c2b7012752f8adfe122
SHA512 717ae18f19e037899921262fd70e5363a564c811154bb1917d99c74618ae525f7fd14bd57f54875eb45024c01f6a5618f5275e1491940e8824b4852e4338a93a