fe9c2abe5438e331ca1a6957a071139e2a5505b63bd6294884cbadef11b22305

Analysis

max time kernel
169s
max time network
136s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06/08/2024, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe9c2abe5438e331ca1a6957a071139e2a5505b63bd6294884cbadef11b22305.apk
Size

203KB
MD5

156bf684c49f7572dc20e56fab8612fd
SHA1

26a00f01344c97f79855a983660ee5d20ecd7252
SHA256

fe9c2abe5438e331ca1a6957a071139e2a5505b63bd6294884cbadef11b22305
SHA512

2f100c60743137af59ec6e9d54bc2fa874abc376b5257fbef6917fe1b1c67becd57deb968239c40d532e79710c6b55adc813c87a37a6b920194c56f8867cb257
SSDEEP

6144:qS1rAzYi2EoRlUs2yga5VeHo3HY9NL1kDRK+tY:bsUi2EHypdHal1kDRKOY

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4600	org.price.favorable

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.price.favorable

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	org.price.favorable

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	org.price.favorable

org.price.favorable
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4600

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads