Overview

overview

10

Static

static

6

D02D012970...94.exe

windows7-x64

1

D02D012970...94.exe

windows10-2004-x64

1

DBm0yQwt.exe.ViR.exe

windows7-x64

10

DBm0yQwt.exe.ViR.exe

windows10-2004-x64

10

ca6ec46ee9...52.apk

android-9-x86

8

ca6ec46ee9...52.apk

android-10-x64

8

ca6ec46ee9...52.apk

android-11-x64

8

calc.exe

windows10-2004-x64

5

ccc71c83c8...B3.exe

windows7-x64

7

ccc71c83c8...B3.exe

windows10-2004-x64

10

ccc71c83c8...68.exe

windows7-x64

7

ccc71c83c8...68.exe

windows10-2004-x64

3

cd2d085998...-0.dll

windows7-x64

8

cd2d085998...-0.dll

windows10-2004-x64

8

cdffb7e75b...ss.exe

windows7-x64

3

cdffb7e75b...ss.exe

windows10-2004-x64

3

cf7382c25a...c9.exe

windows7-x64

6

cf7382c25a...c9.exe

windows10-2004-x64

3

cgi19-alpt...e_.exe

windows7-x64

7

cgi19-alpt...e_.exe

windows10-2004-x64

7

chrst.exe

windows7-x64

3

chrst.exe

windows10-2004-x64

3

ci05l2a.exe

windows7-x64

ci05l2a.exe

windows10-2004-x64

cl.exe

windows7-x64

7

cl.exe

windows10-2004-x64

7

clean.exe

windows7-x64

3

clean.exe

windows10-2004-x64

3

coinvault.exe

windows7-x64

9

coinvault.exe

windows10-2004-x64

6

com_loader.exe

windows7-x64

3

com_loader.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    30s
  • max time network
    131s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags

    androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
  • submitted
    22-11-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52.apk

  • Size

    1.5MB

  • MD5

    4b4d8abbca536c987fca430af62c9bc8

  • SHA1

    4055b08de4d70cd512e1f10d186d887a2c38c86e

  • SHA256

    ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52

  • SHA512

    1feb88f28eeda10e670761cda1d61039fc51f76e38aaf731cf11d7f4621b5f45ac2816037fbaf5a40ad53f14e221f24dbefc34023329a6b753fb90c35a515736

  • SSDEEP

    24576:C6+MSDnehBCO+whjuFtxY5CMbkQfLenj3eesz07m5zvRquduX85ng7ScD:C6PQe3X+C6Mb1Den5i0MzvRgX85g7ScD

Score
8/10
evasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

Processes

  • com.android.porntube
    1⤵
    • Removes its main activity from the application launcher
    PID:4258
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4285
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4326
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4363
  • com.android.porntube:avlab.gov
    1⤵
      PID:4447

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/data/com.android.porntube/databases/init.db
      Filesize

      28KB

      MD5

      9fec7fc5219bc6228224a4c1d4c3888a

      SHA1

      7468dfa9c028725b8eb46f14188c96d747622033

      SHA256

      e02ce52371af6b53bab40b106b0c8f220d434bc4d536907fbc4b44a147042198

      SHA512

      a337f608c385ec3edda7f46d985c061302fafa9a2c29901bff7adfe8e462afc0fa839c72d42b2c54f4466868ad0f9a487191216a5ea2bb31fb6bdec879376e90

      Download Submit

    • /data/data/com.android.porntube/databases/init.db-journal
      Filesize

      512B

      MD5

      e9f2bdb100f560a02145ede557642638

      SHA1

      848556782c35abefdef61d9781f22565c3b6e641

      SHA256

      5fb0af980dd29cf42b8937d4ef987ad1eda2985261396eee068e2e9ced21877a

      SHA512

      4f2e87ee7df490060ae069fad9ea3bdd7c7e5707c61ce6c11cf8d3766c318b4d2cf2f201696812a6fd5adde57ac2687721c718765d0f44af7e2b24a1a17b724b

      Download Submit

    • /data/data/com.android.porntube/databases/init.db-shm
      Filesize

      32KB

      MD5

      bb7df04e1b0a2570657527a7e108ae23

      SHA1

      5188431849b4613152fd7bdba6a3ff0a4fd6424b

      SHA256

      c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

      SHA512

      768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

      Download Submit

    • /data/data/com.android.porntube/databases/init.db-wal
      Filesize

      40KB

      MD5

      d5b48de20c690ee7ab05f08afd9be3aa

      SHA1

      afda95754e59b77786b9bca5187041b6d67b2019

      SHA256

      dd471bb2e3f1a2c8c801b527e8596caf7aef907ca85a9487c8787d2b6943c107

      SHA512

      efff12d614e41f379c606ce7eb2c958cc853678fa38fe1c7cdbe17c1abe621c295d794b46def6c5ab7168daf9b040f8f5946c1dc5e16a835507e1d2a922586db

      Download Submit