Analysis Overview
SHA256
79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac
Threat Level: Likely malicious
The file 79d95ee7626bbf24c95bba2a5f2eeb1008d875ecd1d7177765ddbadc3ce647ac was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-14 09:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:54
Platform
android-x86-arm-20240221-en
Max time kernel
146s
Max time network
156s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
com.pix.art.TSR
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | 288.whitevik.com | udp |
| PL | 51.75.61.103:80 | 288.whitevik.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 142.250.200.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 216.58.213.10:443 | | tcp |
Files
/data/data/com.pix.art.TSR/files/Config
| MD5 | 7352782780a2a7931e2087625067bfff |
| SHA1 | 107011ea3177f9dc7c9ec465d503a76ddd980311 |
| SHA256 | c4b6a0760e9502be538921e5427f93c09ab0529ed43c2e40633bce4ae061ed1f |
| SHA512 | 1dd9ad01c03b4e607527cc92c62ac1f7a6bd7cd24ad9840aac296ebc57858b03893b2d02991824a583a6056e652b947550c2d6f4141c7bb98ff70ff6db741aa8 |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | a83541a18349cff86cb73b21703402f8 |
| SHA1 | 416a1162a86570032fe63067c25c051386d3905a |
| SHA256 | 26a236fb297813db534a77c89bb724efd63fab680228790d5ce6d5b5c87cdfdb |
| SHA512 | 0b366629718530e7d4dccf563b59faf66570d5d4420aa210362e81cc2c53293c36ea364a08faaf20925b0a89a849467db8a3f42f7f3dfd6ceab5b30f126b5e8b |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | 27d419606b0c432e1cb73fa3cbaa9ad5 |
| SHA1 | 72e3b626bd26ca7e972e517bc4d80550f2318d9c |
| SHA256 | d4748b3e6596351ffe3537f4a3c5717c985a960b7b764ed8770a34d663e15ed1 |
| SHA512 | 14814af8282cb0c1a2cb46d5b82e18d38452644f4cfdf229960812748e151bb88fb580b57c3f6141faac358a2169bb7bd1507799e8a8bf8f09b89d0d5950d020 |
/data/data/com.pix.art.TSR/files/Config
| MD5 | c8300576867025cdeff3e3ff0200bd48 |
| SHA1 | 313e003351ac51327c2fa2a51d4bb5fa3dd6417e |
| SHA256 | 82bc2735ed155d1d12a2953a2d1d2dd3c5f8d47cd0557f94ec95667a8108ad15 |
| SHA512 | abb61067c94f4c389e897c9f4b715706e5f616979c324c0f190965a9ce74270af5ec189c7351b96628b7990e66d61140687fd0056fe2f90e552ae9e15b7ed48c |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | 29063b2ba1f5876a4e3320df03837cc0 |
| SHA1 | b7a260858632530edbdde4f417ef72a02afd67ae |
| SHA256 | d27d44e592e64913fd1fa2470b6afcde3dacb4cf4ac0b8e6ec596e0311593a59 |
| SHA512 | f4ed06aad41e963eafbe050775383d79a72ad373297d4a07912e03e589c37997702031540bb5b41998c159572f4079834e3b57931fa12fbb23116d8c6c26d833 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:55
Platform
android-x64-20240221-en
Max time kernel
151s
Max time network
153s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
com.pix.art.TSR
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | 288.whitevik.com | udp |
| PL | 51.75.61.103:80 | 288.whitevik.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 216.58.213.4:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.212.226:443 | | tcp |
Files
/data/data/com.pix.art.TSR/files/Config
| MD5 | 4b4857d39424b2b7690bf787a1eabbfc |
| SHA1 | c895ca0c71bd82b9ea56484cfcaed925c2cdf547 |
| SHA256 | 00d3692e846124c9b15319466fd258b6f731bf78e25a73957fda541557296648 |
| SHA512 | 12fe225eec5da705fde2e4a6b807d6ead85bb43b5608899a8b3aad302c056efbb022c5eb8b43b16b5302d4ddaa68018edfa101498cc74805e6aa4172de59116c |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | 1c12b4c6f9180009de6604579aed4784 |
| SHA1 | ff0f11dbb42860b42a2ad2d34d3dae9d3da0a2d9 |
| SHA256 | 6c95db731a033c62b34a62f8662f4ad0bc4e3734cf518a478df24c6e984d5e75 |
| SHA512 | 17c14b30fe3793efd84275bd4e82abaa360d953680406fdb9010ba565449b7627dfa0477b3a8d0b62a719cc38364ca2415be8a6fcf99cd2f39308c31d6b8ee7b |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | d088755a546007680b87e2b6782aa6e5 |
| SHA1 | 2e06e6c60ea228c0fa4a8d18f47a8f2c9aa40890 |
| SHA256 | 3d82a38f874e96fa67e02b8b49dbbbddfa2071a4b387bc4a53a8d4526fa07c23 |
| SHA512 | 89477adb162af47f652896752760a097817e41c45cea08a717bffd2b5d1f220ccc3b318b8795211d5086cc68d03453e551319bd2f218d53ab86c1d6bb81ef2fc |
/data/data/com.pix.art.TSR/files/Config
| MD5 | 329b7d3ab3d6b3375a37853f46d436c0 |
| SHA1 | 9a5448e29082d01c1f64b0ee93ae482b350b9b11 |
| SHA256 | c3f5bc55daaa2c14e3c5d827217c8f1f78add9f4d31faca0f01e276629af8a4c |
| SHA512 | 132d8711ed12cccb1d17a8acb7d993aadac7e4ee17096c96be07d44f788913d234046d465c0edd7d4ed8fd2e54dbe0e6411dd9ec16afd5538f43c8db54956bba |
/data/data/com.pix.art.TSR/files/Timer
| MD5 | 21931ca043f90258c01ee4c5fb2a575a |
| SHA1 | e96e079f4ddc85100e8f942ec7aa86aaf8596e33 |
| SHA256 | 4eba6c17e92d46ae177a2b646898fd2459203a6d5f7c3de35339ff6793800c03 |
| SHA512 | bf11f5513179b8c17bf33bf136218e664e97529bf58952d77a5b4e5b212adc1586ed8271e2fbcc45a9ba136c72ef792793267202814a6d97f274247b85cbe38b |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:54
Platform
android-x64-arm64-20240221-en
Max time kernel
151s
Max time network
152s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
com.pix.art.TSR
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.10:443 | | udp |
| GB | 142.250.200.14:443 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | 288.whitevik.com | udp |
| PL | 51.75.61.103:80 | 288.whitevik.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.4:443 | | tcp |
| GB | 142.250.200.4:443 | | tcp |
Files
/data/user/0/com.pix.art.TSR/files/Config
| MD5 | 63f7c4823b11af3b8accda2f3ec71364 |
| SHA1 | a391b40da9967aa5ed4bd78d1a196bddb79d1bd5 |
| SHA256 | 242f674237de750b0fb7eb522da2a1c9ebf54f7e20aeb3ef7cef35604c532ee1 |
| SHA512 | 4df76f247ac9b447572196831c70aa8c08075858bab97ea482e14ab5a963f7ce78f9e2866e5c6f9361f800f8f796c48776a247cd80863345e27e2e4cdf8602ee |
/data/user/0/com.pix.art.TSR/files/Timer
| MD5 | 06409c68f14a9ad04d0dc32228b4f67a |
| SHA1 | f55e8fca71b8fd8f6476b7e5d2a84f84b28665b3 |
| SHA256 | ff99dffe844f7f0189b8ea32a016c5d42f5a96e4e8a3263a438cfb940570e5c5 |
| SHA512 | 384cc840855f502b525c4b548a453b147606cf884af186cc7cd6b22d8a4b9d6675c125a450413f3e28b9b9b6d4fe7450b72439b87304f0c025925b8a527141dc |
/data/user/0/com.pix.art.TSR/files/Timer
| MD5 | d34c8dce50e55dd0fb0d637b59a34a0a |
| SHA1 | d1fe1b00db877cf2d5aba6d526314b492ebbbc2d |
| SHA256 | 8b7c084c3c93b573d86b899c2aa43f8c5e182ca9b9d99401e6873bf6e9a201b3 |
| SHA512 | c1266182026bd0df832275d4f918c1f094e225b63d96ff418fb77f3a277f180f542ad2f6cf74f968a046d19173620152071a32616e938e1238cd5a27454ad5d4 |
/data/user/0/com.pix.art.TSR/files/Config
| MD5 | d858804c93344b159ed263d3230c336a |
| SHA1 | 73e187663e49b19ac49a4b19d0aad925ed039aa6 |
| SHA256 | 04bf3dd57a40e6db729c7f243df13b93eb87d75f21840a2eb61e5c2f2939b0a2 |
| SHA512 | 912e1e892f0d9c632e4e67b6a9e566612972039a53490762a6bbcde02f560bf1629358683e7ee1a166ba781262ee8c52923b96a4a14cbb3eb1c62bba8a4c0a0f |
/data/user/0/com.pix.art.TSR/files/Timer
| MD5 | 15f6c624aee593fff8e8f8b0ccda84d0 |
| SHA1 | de0b7ecb4339221a7029cb55c2f1dd6d5cda2b55 |
| SHA256 | 0f105c260d512d64394c3c7f5d267758298270e2c880a3734ce2b391c446bce6 |
| SHA512 | 44f8d151256be29e419d48e1beaebd9c6e4d355cd9e4eeca3a91d69cee062ff9aad0affb9863ed3eec50e80b961c0e3ce20249050c056cb1b53ab3f8d33ae302 |