0fec5a20a4002ac124f46697743b7ad42389f6a089cb7771bd9ba643369a938b

Analysis

max time kernel
12s
max time network
134s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
14-09-2024 16:12

Target

PRLOIX.apk
Size

1.9MB
MD5

527454ce96785029b24823e6b0183317
SHA1

0556c4164393337ed292225528c9d0a5b2795ccd
SHA256

0fec5a20a4002ac124f46697743b7ad42389f6a089cb7771bd9ba643369a938b
SHA512

7402af195f66a7a17a6de7d3c8e27a5f688752fdcf5bab13aac4919abf3ea183592d96c6006157322475a3a5535718502613fef735aa09537d4bb8c9accdd0c2
SSDEEP

49152:jrLktsI3deNsQlY8CNvu48i/t98TBmjg9588:rNI3dAruvNm/i/YBrR

Score

6^/10

Acquires the wake lock 1 IoCs

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.example.dat.a8andoserverx
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.example.dat.a8andoserverx

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.example.dat.a8andoserverx

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.example.dat.a8andoserverx

com.example.dat.a8andoserverx
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
PID:4302

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact