Malware Analysis Report

2025-01-19 05:36

Sample ID 240314-lv5gpsbd26
Target 79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac
SHA256 79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac
Tags
evasion stealth trojan
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac

Threat Level: Likely malicious

The file 79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac was found to be: Likely malicious.

Malicious Activity Summary

evasion stealth trojan

Removes its main activity from the application launcher

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-14 09:52

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-14 09:52

Reported

2024-03-14 09:54

Platform

android-x86-arm-20240221-en

Max time kernel

146s

Max time network

156s

Command Line

com.pix.art.TSR

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

com.pix.art.TSR

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           288.whitevik.com          udp
PL       51.75.61.103:80      288.whitevik.com          tcp
GB       142.250.200.14:443                             tcp
GB       142.250.200.14:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.180.14:443   android.apis.google.com   tcp
GB       216.58.213.10:443                              tcp

Files

/data/data/com.pix.art.TSR/files/Config

MD5 7352782780a2a7931e2087625067bfff
SHA1 107011ea3177f9dc7c9ec465d503a76ddd980311
SHA256 c4b6a0760e9502be538921e5427f93c09ab0529ed43c2e40633bce4ae061ed1f
SHA512 1dd9ad01c03b4e607527cc92c62ac1f7a6bd7cd24ad9840aac296ebc57858b03893b2d02991824a583a6056e652b947550c2d6f4141c7bb98ff70ff6db741aa8

/data/data/com.pix.art.TSR/files/Timer

MD5 a83541a18349cff86cb73b21703402f8
SHA1 416a1162a86570032fe63067c25c051386d3905a
SHA256 26a236fb297813db534a77c89bb724efd63fab680228790d5ce6d5b5c87cdfdb
SHA512 0b366629718530e7d4dccf563b59faf66570d5d4420aa210362e81cc2c53293c36ea364a08faaf20925b0a89a849467db8a3f42f7f3dfd6ceab5b30f126b5e8b

/data/data/com.pix.art.TSR/files/Timer

MD5 27d419606b0c432e1cb73fa3cbaa9ad5
SHA1 72e3b626bd26ca7e972e517bc4d80550f2318d9c
SHA256 d4748b3e6596351ffe3537f4a3c5717c985a960b7b764ed8770a34d663e15ed1
SHA512 14814af8282cb0c1a2cb46d5b82e18d38452644f4cfdf229960812748e151bb88fb580b57c3f6141faac358a2169bb7bd1507799e8a8bf8f09b89d0d5950d020

/data/data/com.pix.art.TSR/files/Config

MD5 c8300576867025cdeff3e3ff0200bd48
SHA1 313e003351ac51327c2fa2a51d4bb5fa3dd6417e
SHA256 82bc2735ed155d1d12a2953a2d1d2dd3c5f8d47cd0557f94ec95667a8108ad15
SHA512 abb61067c94f4c389e897c9f4b715706e5f616979c324c0f190965a9ce74270af5ec189c7351b96628b7990e66d61140687fd0056fe2f90e552ae9e15b7ed48c

/data/data/com.pix.art.TSR/files/Timer

MD5 29063b2ba1f5876a4e3320df03837cc0
SHA1 b7a260858632530edbdde4f417ef72a02afd67ae
SHA256 d27d44e592e64913fd1fa2470b6afcde3dacb4cf4ac0b8e6ec596e0311593a59
SHA512 f4ed06aad41e963eafbe050775383d79a72ad373297d4a07912e03e589c37997702031540bb5b41998c159572f4079834e3b57931fa12fbb23116d8c6c26d833

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-14 09:52

Reported

2024-03-14 09:55

Platform

android-x64-20240221-en

Max time kernel

151s

Max time network

153s

Command Line

com.pix.art.TSR

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

com.pix.art.TSR

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.40:443   ssl.google-analytics.com  tcp
US       1.1.1.1:53           288.whitevik.com          udp
PL       51.75.61.103:80      288.whitevik.com          tcp
GB       142.250.178.14:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp
GB       216.58.213.4:443                               tcp
GB       216.58.213.4:443                               tcp
GB       142.250.178.14:443                             tcp
GB       216.58.212.226:443                             tcp

Files

/data/data/com.pix.art.TSR/files/Config

MD5 4b4857d39424b2b7690bf787a1eabbfc
SHA1 c895ca0c71bd82b9ea56484cfcaed925c2cdf547
SHA256 00d3692e846124c9b15319466fd258b6f731bf78e25a73957fda541557296648
SHA512 12fe225eec5da705fde2e4a6b807d6ead85bb43b5608899a8b3aad302c056efbb022c5eb8b43b16b5302d4ddaa68018edfa101498cc74805e6aa4172de59116c

/data/data/com.pix.art.TSR/files/Timer

MD5 1c12b4c6f9180009de6604579aed4784
SHA1 ff0f11dbb42860b42a2ad2d34d3dae9d3da0a2d9
SHA256 6c95db731a033c62b34a62f8662f4ad0bc4e3734cf518a478df24c6e984d5e75
SHA512 17c14b30fe3793efd84275bd4e82abaa360d953680406fdb9010ba565449b7627dfa0477b3a8d0b62a719cc38364ca2415be8a6fcf99cd2f39308c31d6b8ee7b

/data/data/com.pix.art.TSR/files/Timer

MD5 d088755a546007680b87e2b6782aa6e5
SHA1 2e06e6c60ea228c0fa4a8d18f47a8f2c9aa40890
SHA256 3d82a38f874e96fa67e02b8b49dbbbddfa2071a4b387bc4a53a8d4526fa07c23
SHA512 89477adb162af47f652896752760a097817e41c45cea08a717bffd2b5d1f220ccc3b318b8795211d5086cc68d03453e551319bd2f218d53ab86c1d6bb81ef2fc

/data/data/com.pix.art.TSR/files/Config

MD5 329b7d3ab3d6b3375a37853f46d436c0
SHA1 9a5448e29082d01c1f64b0ee93ae482b350b9b11
SHA256 c3f5bc55daaa2c14e3c5d827217c8f1f78add9f4d31faca0f01e276629af8a4c
SHA512 132d8711ed12cccb1d17a8acb7d993aadac7e4ee17096c96be07d44f788913d234046d465c0edd7d4ed8fd2e54dbe0e6411dd9ec16afd5538f43c8db54956bba

/data/data/com.pix.art.TSR/files/Timer

MD5 21931ca043f90258c01ee4c5fb2a575a
SHA1 e96e079f4ddc85100e8f942ec7aa86aaf8596e33
SHA256 4eba6c17e92d46ae177a2b646898fd2459203a6d5f7c3de35339ff6793800c03
SHA512 bf11f5513179b8c17bf33bf136218e664e97529bf58952d77a5b4e5b212adc1586ed8271e2fbcc45a9ba136c72ef792793267202814a6d97f274247b85cbe38b

Analysis: behavioral3

Detonation Overview

Submitted

2024-03-14 09:52

Reported

2024-03-14 09:54

Platform

android-x64-arm64-20240221-en

Max time kernel

151s

Max time network

152s

Command Line

com.pix.art.TSR

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

com.pix.art.TSR

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353                               udp
GB       142.250.200.10:443                             udp
GB       142.250.200.14:443                             udp
GB       142.250.200.46:443                             tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
US       1.1.1.1:53           288.whitevik.com          udp
PL       51.75.61.103:80      288.whitevik.com          tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.4:443                              tcp
GB       142.250.200.4:443                              tcp

Files

/data/user/0/com.pix.art.TSR/files/Config

MD5 63f7c4823b11af3b8accda2f3ec71364
SHA1 a391b40da9967aa5ed4bd78d1a196bddb79d1bd5
SHA256 242f674237de750b0fb7eb522da2a1c9ebf54f7e20aeb3ef7cef35604c532ee1
SHA512 4df76f247ac9b447572196831c70aa8c08075858bab97ea482e14ab5a963f7ce78f9e2866e5c6f9361f800f8f796c48776a247cd80863345e27e2e4cdf8602ee

/data/user/0/com.pix.art.TSR/files/Timer

MD5 06409c68f14a9ad04d0dc32228b4f67a
SHA1 f55e8fca71b8fd8f6476b7e5d2a84f84b28665b3
SHA256 ff99dffe844f7f0189b8ea32a016c5d42f5a96e4e8a3263a438cfb940570e5c5
SHA512 384cc840855f502b525c4b548a453b147606cf884af186cc7cd6b22d8a4b9d6675c125a450413f3e28b9b9b6d4fe7450b72439b87304f0c025925b8a527141dc

/data/user/0/com.pix.art.TSR/files/Timer

MD5 d34c8dce50e55dd0fb0d637b59a34a0a
SHA1 d1fe1b00db877cf2d5aba6d526314b492ebbbc2d
SHA256 8b7c084c3c93b573d86b899c2aa43f8c5e182ca9b9d99401e6873bf6e9a201b3
SHA512 c1266182026bd0df832275d4f918c1f094e225b63d96ff418fb77f3a277f180f542ad2f6cf74f968a046d19173620152071a32616e938e1238cd5a27454ad5d4

/data/user/0/com.pix.art.TSR/files/Config

MD5 d858804c93344b159ed263d3230c336a
SHA1 73e187663e49b19ac49a4b19d0aad925ed039aa6
SHA256 04bf3dd57a40e6db729c7f243df13b93eb87d75f21840a2eb61e5c2f2939b0a2
SHA512 912e1e892f0d9c632e4e67b6a9e566612972039a53490762a6bbcde02f560bf1629358683e7ee1a166ba781262ee8c52923b96a4a14cbb3eb1c62bba8a4c0a0f

/data/user/0/com.pix.art.TSR/files/Timer

MD5 15f6c624aee593fff8e8f8b0ccda84d0
SHA1 de0b7ecb4339221a7029cb55c2f1dd6d5cda2b55
SHA256 0f105c260d512d64394c3c7f5d267758298270e2c880a3734ce2b391c446bce6
SHA512 44f8d151256be29e419d48e1beaebd9c6e4d355cd9e4eeca3a91d69cee062ff9aad0affb9863ed3eec50e80b961c0e3ce20249050c056cb1b53ab3f8d33ae302