e3ee0ccfb01e2effd49feddb252781baa2a05f8360d5cf949d09e3add1e73e4d

Analysis

max time kernel
143s
max time network
155s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
10/04/2024, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e3ee0ccfb01e2effd49feddb252781baa2a05f8360d5cf949d09e3add1e73e4d.apk
Size

233KB
MD5

768475259b618607dcbf27a8f9fcfb9b
SHA1

baefbb0a1cac7835ea82a2e2a8f9702a6bda9f98
SHA256

e3ee0ccfb01e2effd49feddb252781baa2a05f8360d5cf949d09e3add1e73e4d
SHA512

e05e6d690ab3d568875559d9672a23f5e27441666d63df206cfe4300b50f6f3ce867c9b2769d60b31e59c0dc9566d7f23218f0c0f7f6228d0c0da5b3e56b9927
SSDEEP

6144:Y2g7dLU3wvjlECEK+277zVzIqJa+oqW6B:YXBt2HKvZIcaEWk

Score

8^/10

collection discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5043	com.photo.android.p

Requests cell location 1 TTPs 1 IoCs

Uses Android APIs to to get current cell location.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	com.photo.android.p

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	com.photo.android.p

com.photo.android.p
1⤵
- Removes its main activity from the application launcher
- Requests cell location
- Uses Crypto APIs (Might try to encrypt user data)
PID:5043

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Location Tracking

T1430

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.photo.android.p/databases/dynamicamapfile.db

Filesize
20KB

MD5
d505db4bb9a0c36589db4d1853867791

SHA1
aad475b5974f46d8cb5eae497a1fa541ffee99c6

SHA256
6d82ef6a44919e1e77d94e4d6fcfb33b0f04d48a7846fafa58d343b20968af32

SHA512
2edfc04b01683a4df0ae3b5ceb7b34448f06551743689842f18ce88ff979577171ccbc179ca6f06f1e238dfdbe035e411239797ae23780ddb35a778fe6d03a87

Download Submit
/data/data/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
512B

MD5
d308032eb41e2b38ffb5cfcb36d4b286

SHA1
d3285fa4f0b3def05c64715c193529dc8a2f4be0

SHA256
6e6a3e8c80522f1e2bdae160c41d9a25e889c61e01e7adc301cfc0e06da53bf0

SHA512
0b87c047b0c84d5de5725f23d5391a8a09ac8fb913b1bdebcade30ca9f2cef5cd62a5735588d64ebf02313a65e5625b32bb5b40488eda810f1f1b9ffd23c3019

Download Submit
/data/data/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
ccfb39d8acdf2f2bc9e0460092cadf54

SHA1
26e0b3f5b0c6e402f6039ee8aa9e8052b08da710

SHA256
b843993059c97484ec74428ebfc8268240d2c289645d3ce6684a95d07c408f1f

SHA512
c36965efb88060df4cfe2c46851732c705d29e1de0934568aebb2ccc4dbdfb5e412a4d4143b9e15f5aff784c4e1522a709d1ce35addce0edbb0a94f8e620cf52

Download Submit
/data/data/com.photo.android.p/databases/dynamicamapfile.db-journal

Filesize
8KB

MD5
e169bfec6ada0a852c64604555bee962

SHA1
d9ac9857bce7c52d6fb09841e5be35e12c9a2ff2

SHA256
5308ba8a85d8adfad39903a6ecc82a49d76478220c287216e926be0d7e41e7f7

SHA512
49a75fa9035c93ecb9d94f825ddf9b209dc6cfa80804a0e145f6cff542e027252e7ef13395aec3e23f00ba4d3e83ab333f8196ac3c1cc9c6b28e18c90a459450

Download Submit
/data/data/com.photo.android.p/databases/hmdb

Filesize
12KB

MD5
ea628e04765adaf4238a5dcdff4bbd51

SHA1
a801947619ea8c368efe9c006a324dc6339ac60b

SHA256
885e337c2156e4dbf2176a9677ade50418740532d222ccae5ad4aa371b54c6a4

SHA512
c0287b0e7b690a7231a37d1745c49f3d861b22aa65dd769ba6a8b5ab9da55443f749957781ee05a405019c39e1be45d37a971b821bffd62a1d5620bc39119abe

Download Submit
/data/data/com.photo.android.p/databases/hmdb-journal

Filesize
512B

MD5
26d7b0cfd5ce3139b87f407a8cf0f950

SHA1
855960b2d0288488db545268128c19d448f0378c

SHA256
ed4f3fcfc3f2962db331e45b86fd4ef2ed4d32724cf2317bc19702ed858548ef

SHA512
b104041faf318ff6e5f3d4633ca31cab40c545977cceb1a27e06b0370f202a70943c0aec749b62a453941215987f03136e454078d1f480bb99782aeefe1b06e2

Download Submit
/data/data/com.photo.android.p/databases/hmdb-journal

Filesize
8KB

MD5
a13af101faa813566fd0c05e6b2e5595

SHA1
3882bcbc7a76e144efcc9e1994aed7bedcc136a6

SHA256
5e8990c32e2b01c9a79b1b6f1319461bfc5c71fc6d87e43b08e9d160ec0ea460

SHA512
ef35dd0bb2411da3085bd9238db21dceafbe6e14a60d64e14210b407981e56ba2fd4256cf162286d94d18f05097ff574c8f2db0d58e8cba06ff6ee2dc375ba67

Download Submit
/storage/emulated/0/Android/data/tmp/map.dat

Filesize
109B

MD5
ac7332501821ee06031ac744a00fcccc

SHA1
8428b20a4cfe2669e000038561ffd5393135dac0

SHA256
8a3613dd48056fbf5113990ef5b13220152b086483b285422c00a0edcff6ac49

SHA512
4473d9f4309359503529315de40f4e1cfe743a0bf291f353e618df20cf878150e81abcd442e422b7bf43d8caf75347c1ec18649c470c39843868795b84052fd3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads