633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f

Analysis

max time kernel
145s
max time network
164s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f.apk
Size

881KB
MD5

8aec3dfcd6addabeda02cf89baa8df4a
SHA1

71f18286c4db997ad1cd699aec49d154c404f675
SHA256

633739c3b51715516fb226b3b9c693530d8ef715ac19093cdf6aaf108149b91f
SHA512

ee55fa746c7af99ed5e26892920b3b1d6a4eec074a420c6f850c630636731e72287c5c2970749cf0355e4bfd1e6fafdf644e4f933379e1868163cd8295ba2cd8
SSDEEP

24576:MeZ3RpUcvjTZDlF8n9I485tc40Pqpd/NtlLgIio:MeZ3RmCllLxuqpHv8Iio

Score

8^/10

collection discovery evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4369	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

T1626.001

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4369

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
4fa65216d7c7a0d708f0fc39947bc574

SHA1
df4d662c7336532c40ab966647bdfb2b74d8a0f0

SHA256
90efb1b89a9732f3da0cbfc20437ceb7a03e6607cbdb3eed1ddb8521e28c50c0

SHA512
9f38d1fb651f61a8b7c95460c0a6a55b7e0d60523c680f7f11d1fd8887078d6694ae5d68c2cd1207a86b8e7e8aeedf8117a6cea47d1fc38719be522be062063c

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
7d5aa68975a25159c667b515329a9f46

SHA1
0a2c29e5c332a27079761bd5dce418faa576d6d1

SHA256
53f4c70aee947df66d52b2078d7717399d5cadfb5fe556299cb4be5c2119c932

SHA512
2d0adda3003d7431979d48806e8f57178e0219085d65a8fdf9462895e4ff97055e6d27c262639370105110ee53448710bdb97fcdd2154cb36bf416880bc4b7e0

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
f4e86f07fad5447329fa0abcaf062483

SHA1
3cf04eface76c9442f4a6403abcfcd8da06bb41c

SHA256
062e649c7982639f26b79be36080077e657e2bed2625fc0138e795cbbc2e5fa7

SHA512
e96c5fcee7bcf99e8438a725ffa70612857c06349b92691b3d768abcc2427daa13148aad6bd2d2dd73381fba42fef918877bc30c764a8b9047cd28008b6d903c

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
00c2c8b14616eb17229b5dc30a3da3ce

SHA1
14ef158c0a6593ce55a14bd4eb5dcea17c27aef0

SHA256
398720e6932818a20fdcdea93d7b952485892315a23d9e79221bae1df02176bd

SHA512
3f1eedf3ce30f7865f560127b14b11f337be1b81036ea0c9a3d5e9255920461a52c1c9b48787a52901df7a8d1f9b8b13ffca5fd94c96bff651f497f3f4b84bc8

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
405610ac225b4498af380d90b39f7cec

SHA1
9caab723c94807f7dd71a6a4046fad987f65e67c

SHA256
00863c54f9220267378f916798a4737906121a8e4c7eef4034f50e91c702e9ac

SHA512
2995ba1735d1ef48349befa36ffce150f61bbc778aa46a06cf1e1ebcd785fbde2246106c597d8c49947702444dc1b4d737bce57d7bee22fb7298d33a30a3bfb4

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb-journal

Filesize
8KB

MD5
15cd339f644617ed6126d972bdcaeed6

SHA1
e2ffc053b24833ddcfcab8ff0ff2717fef89d6ca

SHA256
22bc138690258705e204c0191c026843fb0453f23e420380da3e040cdafdae1a

SHA512
1a6a4d181bb29f2ce37120bf71b96cef1b43c560da104ba3a604356d7ebd88ad46f124a211ada18c03e93f223e07a853fdf02f6aa2977d1d0ea64cf7540003c7

Download Submit
/storage/emulated/0/android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
753KB

MD5
625af708d7e449611c91bbd3e093fc22

SHA1
444882ecde1b7f3378278046db7d25483f09e730

SHA256
e343ec27c04cc30e3ba00a674ef61d0b53b42de71f98c62606f011cf7e19a50f

SHA512
826f39eb566cc9e139241fb0508652cf48e5a52054d946da785ca1b265927dd537e9f88e948452d4d32975d48ce2ce8fd2ba1be5ab981fd88a93c47a6dfd4675

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads