2e1e50d16334211e1929bde46ed56185bf1c75bc0e1525d845db46c6175e4dfd

Analysis

max time kernel
13s
max time network
183s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
05/08/2024, 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e1e50d16334211e1929bde46ed56185bf1c75bc0e1525d845db46c6175e4dfd.apk
Size

1.3MB
MD5

129a40699a540410993bda6696a602c7
SHA1

0ef695d685c770ad5063540227090692cf19a50d
SHA256

2e1e50d16334211e1929bde46ed56185bf1c75bc0e1525d845db46c6175e4dfd
SHA512

0bc43aa523f9f843205507f7bf9d6c3fbe48e4e62d039919059f4909fe45acfa34793b4464c421eb68b3bf8a38eebb8644e5c3deff2dab2790cf1464fcb48910
SSDEEP

24576:L5YkQxt0EfI/CCh78J78MrkU8I6W+EPilQZhL7ZWKugV2KZjgqmO/x4ku74nr:L5YkQxt0EfI6y8J2U8I63QhZWVg0KZj3

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4251	vital.dash.business

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
19	ip-api.com
7	ip-api.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	vital.dash.business

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	vital.dash.business

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	vital.dash.business

vital.dash.business
1⤵
- Removes its main activity from the application launcher
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...