633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f

Analysis

max time kernel
143s
max time network
149s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f.apk
Size

881KB
MD5

8aec3dfcd6addabeda02cf89baa8df4a
SHA1

71f18286c4db997ad1cd699aec49d154c404f675
SHA256

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f
SHA512

ee55fa746c7af99ed5e26892920b3b1d6a4eec074a420c6f850c630636731e72287c5c2970749cf0355e4bfd1e6fafdf644e4f933379e1868163cd8295ba2cd8
SSDEEP

24576:MeZ3RpUcvjTZDlF8n9I485tc40Pqpd/NtlLgIio:MeZ3RmCllLxuqpHv8Iio

Score

8^/10

collection discovery evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4240	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

T1626.001

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4240
- su
  2⤵
  PID:4273

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
d5950b4302984c62ae015c70f8359000

SHA1
44de2b51c2942afc6706cfd591bd17e0b22732a2

SHA256
b25855280d949ff775756116e72d78ac73561352dfa33866835ccd355d037f9d

SHA512
39c732e681ba5913a12d78056a128a2f7a2cf3b78f5735727e629b15bd5f498ea22ca1bee6bd0c7580c2443cc08e4416c454679bf52ca34fb91366f6374b334c

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
acd30868ee789338afe47de0fad9d96b

SHA1
cbfd5d2903d2d84032725a49945d6538ff133cc8

SHA256
ffe619bdb9c81c28d6119e39b28c0740be8efb9ae45b875b1ac79d236ea2e394

SHA512
835f2f307cac9bae238f650812d14aa514525e7abcf5834240a617a27cd56eb2543302052dfd9029de09536f1056aecf931704166f02d33eda4cd580dd5347ba

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-wal

Filesize
32KB

MD5
1c629ddf96e5930ce22d0ff89348e19e

SHA1
b67b5d3a3020e0231c0db48873e2d703cad9eb07

SHA256
8e03bc98c18a0fb218a8ec16474595d503c2d97db8aeada5ede47e87ba1fbb54

SHA512
a415cd134fb33fb64705598d208ae9083af2d65f89ddebce1615b2d51a7b65da9b41184880c904758c91b7345b7c22eca55bb6f3fd9f4cf1b4caed83e7e10fbd

Download Submit
/data/data/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
4b0b5e553927869f759430f50e937ba2

SHA1
64bb5111c9baf209ac42f6d80665822ddb65c509

SHA256
fc08f7d173a173acf7bd98b5f371242fdf0cd26982d9ce03ebb19c225828bc4b

SHA512
6e1ca0b45a78246b633972e5466fa9b36a9276ff07b5454e24ac66584ee7dde529d0e67d9f4b1511db82b9ac3ec483d3402e5f69295e9ff1dc13add6397d4d0b

Download Submit
/data/data/com.view.openpdf/databases/hmdb-wal

Filesize
16KB

MD5
a5603d7eef4922d3404c69398991e80f

SHA1
e63e4cba8541c2039361b2a59bbae172b63dce86

SHA256
b342f4eea76ca57b8817b8ec7ad6cf71d9700872be6362f27b769e79a3e447ac

SHA512
12a84da7222368f3c30c69291d7b626b10e5c31bb3d19ae550abe5d8e237bb4914961d32b9067559df4e7be428528d9fbc4a55edcb394f2603367c4218253a0c

Download Submit
/storage/emulated/0/Android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
753KB

MD5
625af708d7e449611c91bbd3e093fc22

SHA1
444882ecde1b7f3378278046db7d25483f09e730

SHA256
e343ec27c04cc30e3ba00a674ef61d0b53b42de71f98c62606f011cf7e19a50f

SHA512
826f39eb566cc9e139241fb0508652cf48e5a52054d946da785ca1b265927dd537e9f88e948452d4d32975d48ce2ce8fd2ba1be5ab981fd88a93c47a6dfd4675

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712748461

Filesize
914B

MD5
07779f22603ef37fec55c3bf31fd2f78

SHA1
c25a0681b6d5443f095c00c662d533d7073ffe79

SHA256
a498cc8899802561fc085771f51a906c8228bd76f5ccc9f31e60e1aa178c4ebe

SHA512
aeae30fa13f0abe491ee05de614a80a8db3c2e09d20b0ad240505dab32a20bda2a77daa39ceeeb5a15bbeafe88864718c803237af5df26652697ad1d34513b05

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712748461

Filesize
2KB

MD5
83833a5b0db8f7a58106cb3af8b41ddc

SHA1
607a91287f38afa7246a741f9df0ebee60505c52

SHA256
e941f8212c0b1927cd4187ae0dd4560c065cd50547b08c4878f8f71671b21a6f

SHA512
cb7bda64f21e37ef519aaa2a7fbd9bf7f88c6f548ccb7cff5c0a560cf48e590381240ccab6bf166b8283f34bc0dd05bbcfcdb7b219c921e0ba30e97bd4b88204

Download Submit
/storage/emulated/0/Android/data/tmp/map.dat

Filesize
109B

MD5
c630fee899acc1aedea9d8afe2c0b084

SHA1
fb7549c3dcb005a8cc99cf5c99558f5b5e2aa5fc

SHA256
e672036c67927eaa77eef217d95a484d645fea496b26d920edf1b4cf064e5336

SHA512
d7be09466da3500cfa5c10d064e7cc8e26dada15c5f45885d88e1c4583ef4128dc7e0726bef2322cfb92c567edbf8aea4ec57a8e818f8c6800d97a60a3eba530

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads