6df9e357ef816f138b68f677f03447f11b6aa4aeaa2324b8dce861182b0fac40

Analysis

max time kernel
166s
max time network
134s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
06/08/2024, 22:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6df9e357ef816f138b68f677f03447f11b6aa4aeaa2324b8dce861182b0fac40.apk
Size

206KB
MD5

917c3f4fac7ddaf1c1f0d2b0ceeec585
SHA1

1fc77b9296d40d3a7c2d0cfd5e7c6347c1800cb5
SHA256

6df9e357ef816f138b68f677f03447f11b6aa4aeaa2324b8dce861182b0fac40
SHA512

5cbd137912690681a368a5abf5d3c3003b6228adecb6bea4cfa4a717b2e709837f6efadfa5c80a037622a431f98cd0e277cc978097ea1c9ca3cec81fb59f27d3
SSDEEP

6144:c0iDVIWOzgCxChbQB53tSVnlQ/UIRxoKdrT:cWz1xChbQB/knlQ/UMdrT

Score

8^/10

discovery evasion execution persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4440	com.comfortable.animal

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.comfortable.animal

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.comfortable.animal

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	com.comfortable.animal

com.comfortable.animal
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Schedules tasks to execute at a specified time
PID:4440

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads