Overview

overview

10

Static

static

10

HEUR-Backd...th.apk

android-9-x86

7

HEUR-Backd...th.apk

android-10-x64

7

HEUR-Backd...th.apk

android-11-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    HEUR-Backdoor.AndroidOS.Ahmyth.t-d4fddc345aea69f08c1182cfb58fae06a414876bc8a579162783c67c0178d054

  • Size

    293KB

  • Sample

    240412-tew5dsbh36

  • MD5

    15d871c35eff08519a7463456229939c

  • SHA1

    f790c0f4fb971fdba89c1c19d6165fb1ccf31a6c

  • SHA256

    d4fddc345aea69f08c1182cfb58fae06a414876bc8a579162783c67c0178d054

  • SHA512

    86fc8d13bef39cc1e0eb807447aa6a70b4d8942c1e9cdb5485746ebe08918bb4daa163dd8e6b7f07145bc94dbc2bfd4c22a4eb2de93df7e4f8bae4ed0d07ee6e

  • SSDEEP

    6144:PX3PWxohsFdpR5+5rgaVJQLGDPPkbHfIq:PnuuhOegPiDHAt

Score
10/10
ahmythandroidevasionpersistenceprivilege_escalation

Malware Config

Extracted

Family

ahmyth

C2

http://0.tcp.eu.ngrok.io:13514

Targets

    • Target

      HEUR-Backdoor.AndroidOS.Ahmyth.t-d4fddc345aea69f08c1182cfb58fae06a414876bc8a579162783c67c0178d054

    • Size

      293KB

    • MD5

      15d871c35eff08519a7463456229939c

    • SHA1

      f790c0f4fb971fdba89c1c19d6165fb1ccf31a6c

    • SHA256

      d4fddc345aea69f08c1182cfb58fae06a414876bc8a579162783c67c0178d054

    • SHA512

      86fc8d13bef39cc1e0eb807447aa6a70b4d8942c1e9cdb5485746ebe08918bb4daa163dd8e6b7f07145bc94dbc2bfd4c22a4eb2de93df7e4f8bae4ed0d07ee6e

    • SSDEEP

      6144:PX3PWxohsFdpR5+5rgaVJQLGDPPkbHfIq:PnuuhOegPiDHAt

    Score
    7/10
    evasionpersistenceprivilege_escalation

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

      evasionpersistence

    • Tries to add a device administrator.

      privilege_escalation

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Tasks