6fbeb9fdce5e26e3d2d7d35103608c3e84fb7411157895c2279040aff9fb6ee7 | Triage

Analysis

max time kernel
17s
max time network
167s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
31-03-2024 15:47

Sharing

Report Analysis Logs

General

Target

Ahmyth-aligned-debugSigned.apk
Size

293KB
MD5

97a4df8c6894f3888d1b91c3a6eaa2e5
SHA1

73e1666f15cd7b5061d24a8771d33870d50ecdf4
SHA256

6fbeb9fdce5e26e3d2d7d35103608c3e84fb7411157895c2279040aff9fb6ee7
SHA512

ffa46e684c69e43340c22e904e4218bd01b5f0899147fda541650d05d7f6d7c1c36a81e4de1337b9964d245b9ec6f1bca7be9067121c892b58084677f90ff695
SSDEEP

6144:N8iuy0OqjMfC6J1qbDqDNv6wEJ3XLBD7PVbPfX5s:N2OqjqSyDN3wVDL5X5s

Score

7^/10

evasion persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4259

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads