e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830

Analysis

max time kernel
143s
max time network
156s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830.apk
Size

808KB
MD5

effd4db55d812683a339d8be5b79e7db
SHA1

d68978b23ac970f637f16a784f0e2c5638af0ecf
SHA256

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830
SHA512

ba428ed3767da87542e00be17d56e38be8d22b562ab203b2234f2dd2a6c22eda4fffc2610064c265a9d2555339d36bbc126fe967173b8501189149dd4ec2654f
SSDEEP

12288:gYt/6d+lOl3dRhT5BD9wWAriPgLzbvEkSpMFSr7UT+d/Nt+kLgIhzpsu:lB6nRvhT5v0rGqzDaegJd/NtlLgIiu

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5085	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:5085

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
d505db4bb9a0c36589db4d1853867791

SHA1
aad475b5974f46d8cb5eae497a1fa541ffee99c6

SHA256
6d82ef6a44919e1e77d94e4d6fcfb33b0f04d48a7846fafa58d343b20968af32

SHA512
2edfc04b01683a4df0ae3b5ceb7b34448f06551743689842f18ce88ff979577171ccbc179ca6f06f1e238dfdbe035e411239797ae23780ddb35a778fe6d03a87

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
a6c8246bf864fe4fffb394326697ec96

SHA1
16adb79f698ebe206c2124889f57119598f01168

SHA256
bff8ba78e171f39ee13ac2cd8f2a9eee8a20c98c21dd3753dc3eed8d914149eb

SHA512
a46c95e46db41a5ea8d68a01a970e1eef1bb7e1c762d264a965b9281b2cf6b38fbdcd83f25d7af9402b4b4124d9ba02916a87cb31a1a691a54f1e39524b009a0

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
ac494064939f5304c771a8b3127d7e11

SHA1
6f75270b91abb5775a02f6c1ed02a4aa6393de2c

SHA256
69ab98ce861f7916de1b4a325215f0810846600f963526e78b8d501fe85c3a1a

SHA512
f068eaef8a340097f53d83f3fb6678f69f7aa1d20e29973784287faae788f4f5f6bbc1fe0606fb070cd1da2a695f9ab47eb0dbf39ea82f5fa10f2879162fd435

Download Submit
/data/data/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
d54a42d2ccf9b0f0ef8581532325965a

SHA1
f30cf56998194485a279c1cee4ad221ad6e593de

SHA256
903e1df2736726da47d53d8fe3b8a788207843bf6e3c0a9d3e6974d4a0ebc9ea

SHA512
e3c33144ec345cb57b4970d2f5a43b861ce7f7b1e5191b4ad7c469c56c6b20500ad97444071e542e136a5e654f446271accec62caa11e1d5a91827642d417245

Download Submit
/data/data/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
76c77b830216c08c73e16cb4194c14a1

SHA1
42344c5f1ca9560b33828caa63d4ba8f32558ffa

SHA256
deb61e3c8d6a7eee2254d5d164d2981548f5a1241926a85660b328eb22a1cf3c

SHA512
2995f38234590ed0850cf32a5da68e51eb15cad5b4fb6c4a18440a8a5f19ab379873ff775145b86ce24b5104ccdea854c191334befe3a8404f1414e3f8068ad2

Download Submit
/data/data/com.view.openpdf/databases/hmdb-journal

Filesize
8KB

MD5
9d59d8f99a88f07946c99269113b7861

SHA1
16b72007b891cddbf569cc3bc36434c4b96255a4

SHA256
76e608f203b716908cae53c9eb536f7c6c965b3a66bb405be330512c3ba9d974

SHA512
dd82a2374b1cbe8f430b8b2447af812a8ae97a8373f98512145dc515cbeb3d0a1165df3d27655ac44a9e63f9a5553305a04825211f884f4e780b34e69afa2dd5

Download Submit
/storage/emulated/0/Android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
593KB

MD5
8e3e8e6105a2247b7af68445e1bcaf46

SHA1
b5b671ab6ce49599879f1e82c5f6d2e4c3ce8933

SHA256
1d7cb5a57df5bae7d3218b7fe674a72cf4f9c9e1db1b2b9a2c387c64f19f2cf0

SHA512
a559d54e85bd7c39c30b7b79388b7e31f47537dd584bde6ffb2af852827c12ec0fe1b0d6cbfc1887ac47f7c712f17c4b28977f77eb929f7d40fab565e5673db0

Download Submit
/storage/emulated/0/Android/data/tmp/map.dat

Filesize
109B

MD5
63a90519b10d689e7dfd2fd0827b7d1b

SHA1
91c739f4a93e5d2bf04cf121d409ca15d9d02fa5

SHA256
190f09d935c329578cb8ab21ec549a47cb699bad1fc437426340dcb8414db269

SHA512
1fb008c85fdc97e15cbb10ee83df02811ff0d3d580b8b298d2a9b41ec3aa2e4d5baa74b818c3000eedcd12487abbd56e77fce3a2493b4738669cf775293b1df2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads