e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830

Analysis

max time kernel
144s
max time network
150s
platform
android_x86
resource
android-x86-arm-20240221-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240221-enlocale:en-usos:android-9-x86system
submitted
10/04/2024, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830.apk
Size

808KB
MD5

effd4db55d812683a339d8be5b79e7db
SHA1

d68978b23ac970f637f16a784f0e2c5638af0ecf
SHA256

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830
SHA512

ba428ed3767da87542e00be17d56e38be8d22b562ab203b2234f2dd2a6c22eda4fffc2610064c265a9d2555339d36bbc126fe967173b8501189149dd4ec2654f
SSDEEP

12288:gYt/6d+lOl3dRhT5BD9wWAriPgLzbvEkSpMFSr7UT+d/Nt+kLgIhzpsu:lB6nRvhT5v0rGqzDaegJd/NtlLgIiu

Score

8^/10

collection discovery evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4472	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

T1626.001

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4472
- su
  2⤵
  PID:4503

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
d5950b4302984c62ae015c70f8359000

SHA1
44de2b51c2942afc6706cfd591bd17e0b22732a2

SHA256
b25855280d949ff775756116e72d78ac73561352dfa33866835ccd355d037f9d

SHA512
39c732e681ba5913a12d78056a128a2f7a2cf3b78f5735727e629b15bd5f498ea22ca1bee6bd0c7580c2443cc08e4416c454679bf52ca34fb91366f6374b334c

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
bded42e83d3b510e862bd7674e91a82c

SHA1
a4b388f43552574841aa4fc88254f871695ac599

SHA256
0b4f919344b417c1e24f175a2f99ecc6b0a18512c5ed9f719add4c3bb7184ada

SHA512
82c322f5e5ffb351e17408510ba1c12f7f59a1cfd6cce791952f5444a39b34659238a2428da9d76e980822ccf51aee28c18de24b4d349166ec2e5f2ca5e1aabb

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-wal

Filesize
32KB

MD5
6235033c512b5939ee19dd52fd8bd385

SHA1
caed444ad3d39955a739b4e034d371daa0c37753

SHA256
7316fe46ccb0efb3353199e8a729d4576a78972c1f6961655857ad6265d79d71

SHA512
f2452bb502feca0f686339ff82828f3a7822f1ab03a15fd8b174d4ee96132684fbefcec523b9865b73ac8d09bbca4445b93ef56d2bb223132b7ab63d3c036507

Download Submit
/data/data/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
3fe30614d7e0d11db870b4624f6c50e0

SHA1
053ff0fc621ab40f2afeddb3e7b4a73ee41ec533

SHA256
67c532f0324228dd33b445cd399c1426e3a0e0cdc7b9358c66b402c5d40a838d

SHA512
c7c09e97a408e88aacaf8099ad4d1fa604d58113393500a384eb3c2eb7c3c105af41314934b86eca2f088045cbab5a20d768bbb295448dc1ae6cb6c3f59821ae

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
7f557b7c0e16ff36c26033b24d0abb2b

SHA1
4c9666a0db5f6d3cfed04f141df48958c37472c5

SHA256
1fb44e69324b1f7ad8fc3d993b9704383c491242adce7d334184df9178bd2e86

SHA512
48258a5dcfce55cd446dd4bfae9fc962a36c7244fc238000f1327f53a1a5aff8a05495e5e2f8a6ebc2f54bf75b357c03be19a006a31d3232c0b61e8fca046b57

Download Submit
/data/data/com.view.openpdf/databases/hmdb-wal

Filesize
16KB

MD5
e5f6c0d8eabb3d26bb2ec18646649b03

SHA1
c522d6ac3f5bb63a5d59770bb0412c85ffedb96d

SHA256
e7a1d82587f523e47fff564faf259a3856f89963c2987b8fcedc60f80fb6868c

SHA512
f5f4d6558352d2688b9c6efa574cd76574ba5d09ed40b39552343b6bd53f895f9de14b3fc3255a0dfc5bbd6b5e2b6b869614c3604b7b5c1068e389a3e8e45aef

Download Submit
/storage/emulated/0/Android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
593KB

MD5
8e3e8e6105a2247b7af68445e1bcaf46

SHA1
b5b671ab6ce49599879f1e82c5f6d2e4c3ce8933

SHA256
1d7cb5a57df5bae7d3218b7fe674a72cf4f9c9e1db1b2b9a2c387c64f19f2cf0

SHA512
a559d54e85bd7c39c30b7b79388b7e31f47537dd584bde6ffb2af852827c12ec0fe1b0d6cbfc1887ac47f7c712f17c4b28977f77eb929f7d40fab565e5673db0

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712760258

Filesize
914B

MD5
82b3d928b145bb058e02a00168e0bb65

SHA1
35648df085999482e7fe5861e120f25ab950c347

SHA256
a892e18a3eb5b89c67ff8fef6b8bc44391cf5706ca44515fd353d991483de27a

SHA512
bac16306104c15dec564c1ef4f08797dfdff8b7b0c0f7912e0b7f196822fa59faf308592706c20a25cf3f144568ce1ec8cc35ebe3f4bd1f8686a4a69513b8b4b

Download Submit
/storage/emulated/0/Android/data/com.view.openpdf/files/carrierdata/1712760258

Filesize
2KB

MD5
ede56047ccd885d2e663552ef2883d97

SHA1
a62d2e5890b0c5a3f230c2dbed038e0fffdf9291

SHA256
59ab4d8e623e99333cfae7df61063346c736a55a5abd50b0874e90c4d4c4ff88

SHA512
231e20fc97e07dfc542170846a07b8b0b99cda407b8a103e04fefaf4f3b46132d86d13202bbf96c4078ffbd7b11c1924a10e4d86e3ead3638012211736d7b98f

Download Submit
/storage/emulated/0/Android/data/tmp/map.dat

Filesize
109B

MD5
9c299112cfa82108a2800e0f4c79ff7a

SHA1
5928ac82de7dc138ac130c9ae63861fd5e5ad2c0

SHA256
9c79c2c29cc95e5f99cd0a24f94d7ad00f6f2474fd56526650db0cd5260d712e

SHA512
2494335711c1f4023697f302ef8901fc6340af637563a0b104c26cf82b025617a6e318deeeacfc549d875b3c8a9353b575561bf50b4eae005576110229a2bc7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads