73729646a7768a5bd4c301842c19b3b16bb190e435af466a731ad36544982098 | Triage

Analysis

max time kernel
27s
max time network
135s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 11:53

Sharing

Report Analysis Logs

General

Target

73729646a7768a5bd4c301842c19b3b16bb190e435af466a731ad36544982098.apk
Size

4.3MB
MD5

f10c5efe7eea3c5b7ebb7f3bf7624073
SHA1

fba2097378b0fcc82fcc4e85e7537331f6df4b94
SHA256

73729646a7768a5bd4c301842c19b3b16bb190e435af466a731ad36544982098
SHA512

0dadcbf16c82bf4d94447cf609c71b1edcf47f57a2d93336a48ae70a075bcc7c21cc10e609244e1a5f4f1cda513fb9f387a0f1267294935ee4597a41a2cd7775
SSDEEP

98304:g6f0tR1SoR1ykRfvAzzUCTIruJD+WyVyB8LGzOPkwyqhho:Fo1S2BRAhIrUMVdJho

Score

8^/10

evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

pid	Process
4249	com.pdf.google.vm

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.pdf.google.vm

com.pdf.google.vm
1⤵
- Removes its main activity from the application launcher
- Tries to add a device administrator.
PID:4249
- su
  2⤵
  PID:4305

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads