e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830

Analysis

max time kernel
146s
max time network
148s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
10/04/2024, 14:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830.apk
Size

808KB
MD5

effd4db55d812683a339d8be5b79e7db
SHA1

d68978b23ac970f637f16a784f0e2c5638af0ecf
SHA256

e959dc221a8667cde8b9ff080d078e60ed1e8bf5a3c6f1f352919c9b8f696830
SHA512

ba428ed3767da87542e00be17d56e38be8d22b562ab203b2234f2dd2a6c22eda4fffc2610064c265a9d2555339d36bbc126fe967173b8501189149dd4ec2654f
SSDEEP

12288:gYt/6d+lOl3dRhT5BD9wWAriPgLzbvEkSpMFSr7UT+d/Nt+kLgIhzpsu:lB6nRvhT5v0rGqzDaegJd/NtlLgIiu

Score

8^/10

collection discovery evasion privilege_escalation stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4569	com.view.openpdf

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.view.openpdf

Tries to add a device administrator. 1 TTPs 1 IoCs

privilege_escalation

Device Administrator Permissions

T1626.001

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	com.view.openpdf

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.view.openpdf

com.view.openpdf
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Tries to add a device administrator.
- Uses Crypto APIs (Might try to encrypt user data)
PID:4569

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1626

Device Administrator Permissions

T1626.001

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.view.openpdf/databases/dynamicamapfile.db

Filesize
20KB

MD5
4fa65216d7c7a0d708f0fc39947bc574

SHA1
df4d662c7336532c40ab966647bdfb2b74d8a0f0

SHA256
90efb1b89a9732f3da0cbfc20437ceb7a03e6607cbdb3eed1ddb8521e28c50c0

SHA512
9f38d1fb651f61a8b7c95460c0a6a55b7e0d60523c680f7f11d1fd8887078d6694ae5d68c2cd1207a86b8e7e8aeedf8117a6cea47d1fc38719be522be062063c

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
af0d6bcb464bf998deffa9e30d814ab7

SHA1
2bed971accc17b5088984c8d5294b24a6e19cff7

SHA256
b9aba204b2d9fc23bb31343cf17e95cf8bcfe33d95e4ce311e8a43e792ecddfa

SHA512
e8b698b2c73588fc6bc727b45b22521d52cb13810cfb50c66f6c70f416acf815a9a8c66cc6f3c2d5749a18a04576b5290f9e3aa37bc47484cfcf153baf2a1039

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
1528c21d378aa5df55a948a55b4953a9

SHA1
671dac88290c63e551fc394390ab315af05294c3

SHA256
4598dfbb7c5a44ac2108afc7ec25d7038f170b08fd64ec287381ed8629c93035

SHA512
d86a4915db9ccc9c0a043f3413e2cdd268567ee2aea2411291d1b1ace0d1d2856892adc35b022c209d4c915b5690570787c51d82fb241869f7ebc3b73d8198e0

Download Submit
/data/user/0/com.view.openpdf/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
e97faece087d01da6b6cab992ca7d0ac

SHA1
4ef9b0eb68b614e2d3dbd8ec013f79a69af88dc0

SHA256
21b5dd292c7d86f082dc3ed07298c035853cf1ffaea5b3d0f08935bac0aebf1f

SHA512
adcec7b0a7a0762f99b2b18be5479f25574e43bc135c9e60b35e29adca56771c3414c373206b4d2c5c612dbfe261bcdb97b41eb927c463d7889e0816961fb5f8

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb

Filesize
12KB

MD5
171aedf968e17a2744d2585715606cb9

SHA1
bbeddeb3b89fcf809619c35b4a318a80e7d5b029

SHA256
d2ab452d9360848f46af866b870b5c6fc98230b09c72b89cb1a4b2778586678e

SHA512
78a0f517ee3d21c153dda6dbfec4187ebaee9d520d7b1b63f358bcb125d08aea53f26943907a56fdeba40161d9fc7e4fd63f9ae3154dd2ad887ba0162738285b

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb-journal

Filesize
512B

MD5
af8d74bb96bf69dfefa6429c91dd183b

SHA1
279226775f0fa3bfea6d84e1171e6a8041272d6f

SHA256
77f1b3a86c47ada81df06ff4efe0ac824472595c24bb7fb4eeb0b39f1b0ba5ce

SHA512
5d826b41872c0bbb690560e6b52411788ccc3ac6fffb9c9afa67856ef1f3c9ca150745bfa003d36ad89a59b2a62c26c91dcc0ce9a9439424dff001892721e5c7

Download Submit
/data/user/0/com.view.openpdf/databases/hmdb-journal

Filesize
8KB

MD5
3ff355ba6cbdad7ba82c4087713ede9d

SHA1
24968f4bb17038c69a8ae9c5aca7f7a3edd6d2cc

SHA256
74fcb07fcfc82bb7842330c5b73505d65a4bf93ffd9fdf5e151d56dfde6670a6

SHA512
b6226dd027c1b1e62e835458364dc42dd279fad281511d9e87453a1775b994206910639e232f85ab1880fd1011ec0422403b306a66e44e9c5057a015579baad5

Download Submit
/storage/emulated/0/android/9074ca3f18e201c204ec1d852264bb5432644ba46f54f361a146957.pdf

Filesize
593KB

MD5
8e3e8e6105a2247b7af68445e1bcaf46

SHA1
b5b671ab6ce49599879f1e82c5f6d2e4c3ce8933

SHA256
1d7cb5a57df5bae7d3218b7fe674a72cf4f9c9e1db1b2b9a2c387c64f19f2cf0

SHA512
a559d54e85bd7c39c30b7b79388b7e31f47537dd584bde6ffb2af852827c12ec0fe1b0d6cbfc1887ac47f7c712f17c4b28977f77eb929f7d40fab565e5673db0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads