35527af0bfbed07700fd9865deaa045c0fb3d65a35e237b78b603812709e0c6c

Analysis

max time kernel
128s
max time network
131s
platform
android_x64
resource
android-x64-20240603-en
resource tags

androidarch:x64arch:x86image:android-x64-20240603-enlocale:en-usos:android-10-x64system
submitted
10/06/2024, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_15d70a1a68405c9a58efbab9946222c0.apk
Size

1.5MB
MD5

15d70a1a68405c9a58efbab9946222c0
SHA1

495d0749e4aad68ec4f10f52b3713f3aa3d2dfae
SHA256

35527af0bfbed07700fd9865deaa045c0fb3d65a35e237b78b603812709e0c6c
SHA512

7c80dac9ce6e63cebf6bd62225ef1e03ee1237f25e8f24dc9034448636d58246f8d47ad4249ab379b7225ef91f9472f87829199ce370c91ed6651f1ec9b5ffcb
SSDEEP

24576:XkOWSDweBSCO+whKuFYxdv+bkefxeC/35eshIKH86q9G/pdgSdG:XkB5ewX+Vz+bLZeCoyIeqEcSdG

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
5154	com.adobe.sklasse

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.adobe.sklasse

Queries the unique device ID (IMEI, MEID, IMSI) 1 TTPs
discovery

System Network Configuration Discovery
T1422
Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.adobe.sklasse

com.adobe.sklasse
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:5154

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.adobe.sklasse/databases/init.db

Filesize
28KB

MD5
edf062678162a7bf24ea319131b0ed7a

SHA1
d4713dd2d1e86c7295718ce2ec753ed8e89baae1

SHA256
4b77fbd9b902d4fd2e02450f8e25e7e2b1528de5814d78f0816aacdab64814c9

SHA512
d17a73b87e424fd980a383c7b12444e4c7a39ec2037b103e54901883cf909c193073c467b30e8688fea8b892a9d4392c32959038503a2b7eb155f92b1549cc12

Download Submit
/data/data/com.adobe.sklasse/databases/init.db-journal

Filesize
512B

MD5
acbebcb175fc9982cd858acda8b5c1d5

SHA1
1ac36b9a7f4b63a7bc75e754e263bd33ca061720

SHA256
8ba9d7d109873dc1357dc2ae8f96b272fdf434d14f1bde5600ec1756ce0703d7

SHA512
6557b6033d3c778e5b8372c658a486d0bb2cbdd1e3da297d7e3a99703107d037747ec346ad5e970c140a00cbabe91a7480ea230aa7e1982cdf81aa1bf56b5ab6

Download Submit
/data/data/com.adobe.sklasse/databases/init.db-journal

Filesize
8KB

MD5
04323ae18280bbab5963c3aa803f92c8

SHA1
15ecd1e49aeb8e4a63df02542525bc602ee6ae75

SHA256
ad5587ca02c8e71d3c54452b2344e201560ab2a38b443bc90b15acf0c575bc55

SHA512
3d6d657c72a7c0ffb97558fd4bbd98ee2890ccfc9fe00659cc720a7bad047e7f70a28d52ec695c9bf8b0ae07ab571d43accccd00a57c0d93d66c774de002c837

Download Submit
/data/data/com.adobe.sklasse/databases/init.db-journal

Filesize
8KB

MD5
3243a513ed27c7eba70b874bee40b7ad

SHA1
27198f5db83c833c9f4fda21d861f3fd91d8d8e3

SHA256
75a715f350576104dcbe446727edf82e4c7883a141d0d1be6821a9cf669b5552

SHA512
d56fde29f64954db070da6990654b895502fd5b1f7e00ef2346f6b641b1378b36b9be7407bff7048d5cbe9435b1ba6297454523f080224e803dd1fe6954ee1fb

Download Submit