49da23e9e35c7f6e7efbd351ef7aef10cc3830572a02e2dd5db2cba1ee669206

Analysis

max time kernel
141s
max time network
138s
platform
android_x86
resource
android-x86-arm-20240603-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240603-enlocale:en-usos:android-9-x86system
submitted
10/06/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_82374d1d167ae09b3719ac7bde7086e8.apk
Size

183KB
MD5

82374d1d167ae09b3719ac7bde7086e8
SHA1

cd8fd66101036d84b3a47d0bdca2d15bc90929ad
SHA256

49da23e9e35c7f6e7efbd351ef7aef10cc3830572a02e2dd5db2cba1ee669206
SHA512

f6ccec6ceb343c4979455a923d4b92c524c9befc32707fe5b9c871d1d4d5b5d5d4faede5709efcc7c1a4f7eab966e896cbe74491caaf431af3cabb54a2b32f71
SSDEEP

3072:t87hGdgvs7aBX79DCuF9hDTiWSqEERHORETkeI5X9SibUqsdm+J20fAK+VpkTCr/:y7sdyHBX75CuF9tTiW/HORE65cyUqePk

Score

8^/10

collection discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4276	com.ivan.dorn

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Reads the contacts stored on the device. 1 TTPs 1 IoCs

collection

Contact List

T1636.003

description	ioc	Process
URI accessed for read	content://com.android.contacts/contacts	com.ivan.dorn

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.ivan.dorn:zprt

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.ivan.dorn

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.ivan.dorn
1⤵
- Removes its main activity from the application launcher
- Reads the contacts stored on the device.
- Queries information about active data network
PID:4276

com.ivan.dorn:zprt
1⤵
- Makes use of the framework's foreground persistence service
PID:4304

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Protected User Data

T1636

Contact List

T1636.003

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads