Malware Analysis Report

2025-01-19 05:36

Sample ID: 240314-lv6d1abd27
Target:    35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7
SHA256:    35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7
Tags:      evasion, stealth, trojan
Score:     8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Mobile Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score:        8/10
SHA256:       35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7
Threat Level: Likely malicious

The file 35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7 was found to be: Likely malicious.

Malicious Activity Summary

Tags: evasion, stealth, trojan

Removes its main activity from the application launcher
Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-14 09:52

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                   Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION   N/A      N/A
Allows an application to write to external storage.  android.permission.WRITE_EXTERNAL_STORAGE   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted:        2024-03-14 09:52
Reported:         2024-03-14 09:55
Platform:         android-x86-arm-20240221-en
Max time kernel:  145s
Max time network: 137s

Command Line

jsn.eyecoloreditor

Signatures

Removes its main activity from the application launcher

Tags: stealth, trojan, evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

jsn.eyecoloreditor

Network

Country  Destination          Domain                   Proto
US       1.1.1.1:53           a.zeroproofs.com         udp
PL       51.75.61.103:80      a.zeroproofs.com         tcp
GB       142.250.179.238:443  -                        tcp
US       1.1.1.1:53           android.apis.google.com  udp
GB       142.250.180.14:443   android.apis.google.com  tcp

Files

/data/data/jsn.eyecoloreditor/files/Config

/data/data/jsn.eyecoloreditor/files/Timer

/data/data/jsn.eyecoloreditor/files/Timer

/data/data/jsn.eyecoloreditor/files/Config

/data/data/jsn.eyecoloreditor/files/Timer

Analysis: behavioral2

Detonation Overview

Submitted:        2024-03-14 09:52
Reported:         2024-03-14 09:55
Platform:         android-x64-20240221-en
Max time kernel:  154s
Max time network: 151s

Command Line

jsn.eyecoloreditor

Signatures

Removes its main activity from the application launcher

Tags: stealth, trojan, evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

jsn.eyecoloreditor

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
US       1.1.1.1:53           a.zeroproofs.com          udp
PL       51.75.61.103:80      a.zeroproofs.com          tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.187.200:443  ssl.google-analytics.com  tcp
GB       142.250.200.46:443   -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.178.14:443   android.apis.google.com   tcp
GB       216.58.212.228:443   -                         tcp
GB       216.58.212.228:443   -                         tcp
GB       172.217.169.66:443   -                         tcp
GB       172.217.169.14:443   -                         tcp

Files

/data/data/jsn.eyecoloreditor/files/Config

/data/data/jsn.eyecoloreditor/files/Timer

/data/data/jsn.eyecoloreditor/files/Timer

/data/data/jsn.eyecoloreditor/files/Config

/data/data/jsn.eyecoloreditor/files/Timer

Analysis: behavioral3

Detonation Overview

Submitted:        2024-03-14 09:52
Reported:         2024-03-14 09:55
Platform:         android-x64-arm64-20240221-en
Max time kernel:  155s
Max time network: 144s

Command Line

jsn.eyecoloreditor

Signatures

Removes its main activity from the application launcher

Tags: stealth, trojan, evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Processes

jsn.eyecoloreditor

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
GB       216.58.212.238:443   -                         udp
GB       142.250.187.206:443  -                         tcp
US       1.1.1.1:53           android.apis.google.com   udp
GB       142.250.187.206:443  android.apis.google.com   tcp
US       1.1.1.1:53           a.zeroproofs.com          udp
PL       51.75.61.103:80      a.zeroproofs.com          tcp
US       1.1.1.1:53           ssl.google-analytics.com  udp
GB       142.250.200.8:443    ssl.google-analytics.com  tcp
GB       172.217.169.4:443    -                         tcp
GB       172.217.169.4:443    -                         tcp

Files

/data/user/0/jsn.eyecoloreditor/files/Config

/data/user/0/jsn.eyecoloreditor/files/Timer

/data/user/0/jsn.eyecoloreditor/files/Timer

/data/user/0/jsn.eyecoloreditor/files/Config

/data/user/0/jsn.eyecoloreditor/files/Timer