91c34071622b678b2f64a8b896c7898cceff658764eb0ae5e100b3d4d868a664 | Triage

Analysis

max time kernel
13s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 12:41

Sharing

Report Analysis Logs

General

Target

91c34071622b678b2f64a8b896c7898cceff658764eb0ae5e100b3d4d868a664.apk
Size

628KB
MD5

bf63c5237a4224eb7ddc00c29d4b35d4
SHA1

5a46af7aae4a52c11fc9275e80000f236d28035f
SHA256

91c34071622b678b2f64a8b896c7898cceff658764eb0ae5e100b3d4d868a664
SHA512

10543214338b8f563955ae60775b2e31ac1cd397f24d4db0492911602511f88eda509cedc65d6858f4cf5086bc5103da2a7e7d9a4ac06aed84ec9e5c2ed8b5b1
SSDEEP

12288:Vr3DuCGkoqFEOXfaVhztU9Hr3DuCGkLHnh36UWZBoEW4Do:5a2t6ULa2LHhEc4s

Score

8^/10

evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

pid	Process
4179	com.photo.android

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.photo.android

com.photo.android
1⤵
- Removes its main activity from the application launcher
- Tries to add a device administrator.
PID:4179
- su
  2⤵
  PID:4210

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Hide Artifacts

Suppress Application Icon

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads