633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f

Analysis

max time kernel
143s
max time network
154s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f.apk
Size

881KB
MD5

8aec3dfcd6addabeda02cf89baa8df4a
SHA1

71f18286c4db997ad1cd699aec49d154c404f675
SHA256

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f
SHA512

ee55fa746c7af99ed5e26892920b3b1d6a4eec074a420c6f850c630636731e72287c5c2970749cf0355e4bfd1e6fafdf644e4f933379e1868163cd8295ba2cd8
SSDEEP

24576:MeZ3RpUcvjTZDlF8n9I485tc40Pqpd/NtlLgIio:MeZ3RmCllLxuqpHv8Iio

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5120	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:5120

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
d505db4bb9a0c36589db4d1853867791

SHA1
aad475b5974f46d8cb5eae497a1fa541ffee99c6

SHA256
6d82ef6a44919e1e77d94e4d6fcfb33b0f04d48a7846fafa58d343b20968af32

SHA512
2edfc04b01683a4df0ae3b5ceb7b34448f06551743689842f18ce88ff979577171ccbc179ca6f06f1e238dfdbe035e411239797ae23780ddb35a778fe6d03a87

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
c6a259d7020f2f2e3a6b4e0eb2fc5ddc

SHA1
ec504a65b1dbad665e6758cbe53d8e27505a5c94

SHA256
c3326959533a580497cc3cc1d12a5376a8c2f11bfb088636c9ce5090385e7f10

SHA512
9980f61c98a548afd3c1af79f1a0d2adc3ca7e0f8dfa4ad3cdefb2228b1f221ed2167aaf2dc407463102142819f8ce0d27ed4e40dcbb4afd973aec0b900b2f3a

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
b06395e4916e71bc8c2a158c2c3adfab

SHA1
026bffa5c70976b9d8fd766e4dcd85fad9c8eb05

SHA256
a590a94f359a299bcaea850109abe7c949c1fabc932d42fa7a225724a2e1f1e4

SHA512
ca2f999e4c6bda153769f16394f4b440b05c8499fcb7b939de1c9be18aa392f69621a119b11f93c345e50c7a32bb568d5e2933c027473963ce972ea580c62765

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
5e84f1873fa24f945e4462027415d026

SHA1
71132c176c761675a8d46389e388a4662386e528

SHA256
a8324afac70af70fd1991f520a43f871b5c762624f54c5853145cad83979aac8

SHA512
0553fa1ffb065699173a101208c33ec3186f72ed4d25f9b19b245257ffdb8c52013f9af2bfe7735d9575b7a750712c3b15da2f089b8d3817a65143649be75957

Download Submit
/data/data/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
e466e5d81c036df67699855bb3d25860

SHA1
26c8a48ff8eb6b72054d47c1547d4498254f4acf

SHA256
2d4caa833788e62c19c78fc549230b11898a4ab243500763eb0e0a1b79f55918

SHA512
3715a1a2ee72c47e2b49008d5decba7d9bd7860c0a6583741fcef25b6b1051a6f33624b6f33815666c318dfee15561a70f03065ae4d8c2c81109186c9f00f2b1

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
8KB

MD5
a3184a9712e30fed86210f24be1a26b8

SHA1
498770502abc729554077694782a1b9e1c782acf

SHA256
2c438dc1b31baa60b9a05a78ab40bac5aa1973e6981f2fc4b651f6de6e640417

SHA512
485b9c998a8b577f867ea9918d52dae7156ea089658cd7ad5be5671c4e81337da3669507c8ba4fb7a65ee2385c3947cc7f5b1e775d314d3bf0c8c9c900436397

Download Submit
/storage/emulated/0/Android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
753KB

MD5
625af708d7e449611c91bbd3e093fc22

SHA1
444882ecde1b7f3378278046db7d25483f09e730

SHA256
e343ec27c04cc30e3ba00a674ef61d0b53b42de71f98c62606f011cf7e19a50f

SHA512
826f39eb566cc9e139241fb0508652cf48e5a52054d946da785ca1b265927dd537e9f88e948452d4d32975d48ce2ce8fd2ba1be5ab981fd88a93c47a6dfd4675

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712748461

Filesize
890B

MD5
ea8a5c99c8491408a7b68474abc36501

SHA1
8ce3d0aed48d4a0afe7f6930a98c437ef2b9e759

SHA256
6ed1be51670b09abbe2b6c3cc0538d3bf72478ca353e13570a6514f17de80945

SHA512
7c5c61252bc00e34c6e2475b184810b75065cc2606bcac9a8cc0247c65f46ff7eee5a158022fbac4519bab2024cfbb350cae3f06303119d139cfd7b1d906df2c

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712748461

Filesize
2KB

MD5
b8400ddde6e3d71f714d2a8ce396b568

SHA1
81f22746b6f13f987f2cbf8df1da811ea3056907

SHA256
4179a047d98ce3d0871cb8be7288ffe35d552a326bf2e1bf39719efac6c5b2af

SHA512
853817642df05586f135b09c7eb47c01edd4cb1547aee3cef043a423dacc9d83ee5f327d572ac9f113e15505627eea41c983f2bb04f37a9ac1e5558bf6a6f22e

Download Submit
/storage/emulated/0/Android/data/tmp/map.dat

Filesize
109B

MD5
c630fee899acc1aedea9d8afe2c0b084

SHA1
fb7549c3dcb005a8cc99cf5c99558f5b5e2aa5fc

SHA256
e672036c67927eaa77eef217d95a484d645fea496b26d920edf1b4cf064e5336

SHA512
d7be09466da3500cfa5c10d064e7cc8e26dada15c5f45885d88e1c4583ef4128dc7e0726bef2322cfb92c567edbf8aea4ec57a8e818f8c6800d97a60a3eba530

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads