942dee6c8af0156c2936c63e8e131514f69407f8e1dd962af5a1b0f2f1bce0d5 | Triage

Analysis

max time kernel
12s
max time network
152s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
28-09-2024 13:39

Sharing

Report Analysis Logs

General

Target

AhmythaligneddebugSigned.apk
Size

293KB
MD5

4dc44afb21f46dc88ff5f9553c3ac9f8
SHA1

b01c920c64223c9d1a230dc1e4b87c24eed2e33b
SHA256

942dee6c8af0156c2936c63e8e131514f69407f8e1dd962af5a1b0f2f1bce0d5
SHA512

5cb276bf25acc19925e03685362e997352c12a49e7973c817209a750433895dab8124ce7f6238ab42d8493a149c96e068a20499dbbe68eed39e9c66feb8e400d
SSDEEP

6144:Ab2+Pu8LEAp4d6l6jM8kkOhhZUqZArRl8N3DWHHLkLSD/PAbvfp:Ab2X8LOd6AjM8OTWl8xiHgWD3sp

Score

6^/10

evasion impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

Account Access Removal

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4300

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Replay Monitor

Loading Replay Monitor...

Downloads