990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646

Analysis

max time kernel
146s
max time network
165s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646.apk
Size

406KB
MD5

369ca8fd7af4865752c2241884e3b2cf
SHA1

ef4ea8f1ed83abbac62ed75b74cbf9c815887b3b
SHA256

990e50ce20706be80b4d62367ff6ed615d6dd04551b42cfd80b1a8950065b646
SHA512

1dfd768f803959f8e79331459fabb5fe5b7fed6550b952ac734f41b694ec2a72811ec34b5ae88fc2d444221ba77df4b384c95f58442b0eb138a9a497a800914c
SSDEEP

12288:9oIrRitNNC4ZulrkFAIlniM2XtQHKvZIcaEWI:9oCo922bWXKHKvHdX

Score

8^/10

collection discovery evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4677	com.photo.android.p

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.photo.android.p

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

T1626.001

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.photo.android.p

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.photo.android.p

com.photo.android.p
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4677

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.photo.android.p/databases/dynamicamapfile.db

Filesize
20KB

MD5
4fa65216d7c7a0d708f0fc39947bc574

SHA1
df4d662c7336532c40ab966647bdfb2b74d8a0f0

SHA256
90efb1b89a9732f3da0cbfc20437ceb7a03e6607cbdb3eed1ddb8521e28c50c0

SHA512
9f38d1fb651f61a8b7c95460c0a6a55b7e0d60523c680f7f11d1fd8887078d6694ae5d68c2cd1207a86b8e7e8aeedf8117a6cea47d1fc38719be522be062063c

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
553f940004eca6b2c9b93e6c715fa125

SHA1
d02e904a1e4c6c1798f48696dd3311aed21044ba

SHA256
86c22a5c0c1c07d8fbf21e660846b1cea2f18e18c217c7f6074dca9f6b5b1252

SHA512
f489e39a95829d7569d392beafd46cdc6a8c7cd5a25c390d27ad41c83266da6fbffaec6c2cafc6f030b4fa9097787be841aab47f6ae273bf3876f89b510afc2c

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
c9050fe79d5f4532f2166607f8f0fe1c

SHA1
6a1f7bdfbf5f4dbb11c5477252566414a00c1191

SHA256
2179711b33c5d1568ec1456898870043b5c65f6d948de4e737f8e359d476d38f

SHA512
e23b7913ae076a4c95cf9cfc29c1e84e24a525448db4ccef36c178b1199575b2ba418c1cc2bf8d4b68ca043b67cecd0ab5bf20e65c96f6c75d4f6dfedaab8f4a

Download Submit
/data/user/0/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
b8771f2cf05966b9b7dec72b1adf25ca

SHA1
9d274130cda7f198cda620dab9b100736d49b31c

SHA256
0250e2f4ae6672f283c6c090b6564143ed57eb15f50f179f29d2e307fb8ad4f4

SHA512
6fcea1dc0ac8a79b8f57d12ccd93c2cbf80bf620da1d5461c9bbb6ffec6769295d956b80d2e5a2b20cfe3c38ba8d59a1f10a37fc3159b8837ef739722d9e66ef

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb-journal

Filesize
512B

MD5
d84d39298dc0b45160bc01d32ef1bb15

SHA1
e3980350db6406ede7305c25a8ff484ec18bf1de

SHA256
3848c151591253939abbe6acd644305ca3d4545c54db9cbe519c4ec6c8eabf24

SHA512
e97cc33a89bd884c4baeff7fdda27fc16d9213c2c1f6250c0c32a9ab71aa0783c4a41fdf094b81bc42b05c166ec5d63dac0930090ea08972e2a3f2566398eeb0

Download Submit
/data/user/0/com.photo.android.p/databases/hmdb-journal

Filesize
8KB

MD5
dc95275359a2d2cfeabafb9595236c07

SHA1
e813aa32b4d912efe0f1f4383c053cd45e66a24a

SHA256
b222af7b13af1003f5ddb45611fc691caf140ba70e748509e60300a1c71646ca

SHA512
e78255199b80b5414ebe74c7013d904026301fff8ccbb5ecafb57c752554e531b25eb10c148d038cf869a22c4d144918986d2eeb7b707ed8e914cd02a8612ae1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads