35527af0bfbed07700fd9865deaa045c0fb3d65a35e237b78b603812709e0c6c

Analysis

max time kernel
128s
max time network
130s
platform
android_x64
resource
android-x64-arm64-20240603-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240603-enlocale:en-usos:android-11-x64system
submitted
10/06/2024, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

VirusShare_15d70a1a68405c9a58efbab9946222c0.apk
Size

1.5MB
MD5

15d70a1a68405c9a58efbab9946222c0
SHA1

495d0749e4aad68ec4f10f52b3713f3aa3d2dfae
SHA256

35527af0bfbed07700fd9865deaa045c0fb3d65a35e237b78b603812709e0c6c
SHA512

7c80dac9ce6e63cebf6bd62225ef1e03ee1237f25e8f24dc9034448636d58246f8d47ad4249ab379b7225ef91f9472f87829199ce370c91ed6651f1ec9b5ffcb
SSDEEP

24576:XkOWSDweBSCO+whKuFYxdv+bkefxeC/35eshIKH86q9G/pdgSdG:XkB5ewX+Vz+bLZeCoyIeqEcSdG

Score

8^/10

discovery evasion stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4539	com.adobe.sklasse

Queries the phone number (MSISDN for GSM devices) 1 TTPs
discovery

System Network Configuration Discovery
T1422

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.adobe.sklasse

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

com.adobe.sklasse
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
PID:4539

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.adobe.sklasse/databases/init.db

Filesize
28KB

MD5
a26476a6b5ecf9e439398f2d290ebc7b

SHA1
ba684d990c60a10f328de1f0e45d8fd053345f0b

SHA256
06898f12959de52e404f66a44a69d16f6255243122d576f679f2a3cd6bac83f1

SHA512
2afde71f85d6c91d0ae33a3284148729d703705921da7cfc166c266ee8ae59d41f6777850e6b08b66de32506a90e2b129cd46804f414567780ad859ee87745e5

Download Submit
/data/user/0/com.adobe.sklasse/databases/init.db-journal

Filesize
512B

MD5
2dde49c9e0647282b50947108e5026ef

SHA1
80beb1998fc13debdf8a7078d768743c1d5f28c1

SHA256
30fd595a2caf5a3636c56a4e1c5f8046b5c4818e9239f466d8608fb2390adf3f

SHA512
77671e2b58da2ef2e2f57bd822ea31d4ef468047c9039826b71e1654dfbeadbfe116c614571e85f01c786c29d870bf005b471a2181c35ae8a0e03d523f1f48bd

Download Submit
/data/user/0/com.adobe.sklasse/databases/init.db-journal

Filesize
8KB

MD5
d883a1dfc4717da65a136636fa9e3130

SHA1
58da2ed6d4d147c6166773c3acf0f48744e52cf3

SHA256
ec7e2ac92c3468dceb7231dc4462779ffc08a85c672f871cc010cae052daa3e9

SHA512
dbbae95d962e741b2996195eb4e1a8b0934cdc2e43dd8de4401ad64f6d2c603cacccc712e04fc55a1afe41c040c635846688e82901ca3217e8aa6a4b5d07c01a

Download Submit
/data/user/0/com.adobe.sklasse/databases/init.db-journal

Filesize
8KB

MD5
7d040ce7a543c02cd9f060bca642f2d9

SHA1
6f386f3d44be8444f4c3ead7c66ead2dc45c6c2e

SHA256
a89129e8697f42b947d2d746cff52bcb0af175b168c0ca1283b2676787eafc86

SHA512
ed9e5ec4fde2e087efaa5b21c943c657e76a6e3c1d7638445d00b267473443ed1a965904378c83c49850c86fbcc81f482700390a59389003af8393e464f39913

Download Submit