c41899315b2f3dad512ed1f58746e59fdb2f9717badcf7b2c861c1248d945991

Analysis

max time kernel
30s
max time network
152s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
22-11-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52.apk
Size

1.5MB
MD5

4b4d8abbca536c987fca430af62c9bc8
SHA1

4055b08de4d70cd512e1f10d186d887a2c38c86e
SHA256

ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52
SHA512

1feb88f28eeda10e670761cda1d61039fc51f76e38aaf731cf11d7f4621b5f45ac2816037fbaf5a40ad53f14e221f24dbefc34023329a6b753fb90c35a515736
SSDEEP

24576:C6+MSDnehBCO+whjuFtxY5CMbkQfLenj3eesz07m5zvRquduX85ng7ScD:C6PQe3X+C6Mb1Den5i0MzvRgX85g7ScD

Score

8^/10

evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

Processes:

com.android.porntube

pid	Process
4928	com.android.porntube

Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

com.android.porntube:avlab.govcom.android.porntube:avlab.govcom.android.porntube:avlab.gov

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	com.android.porntube:avlab.gov
Framework service call	android.app.IActivityManager.setServiceForeground	com.android.porntube:avlab.gov
Framework service call	android.app.IActivityManager.setServiceForeground	com.android.porntube:avlab.gov

com.android.porntube
1⤵
- Removes its main activity from the application launcher
PID:4928

com.android.porntube:avlab.gov
1⤵
- Makes use of the framework's foreground persistence service
PID:4964

com.android.porntube:avlab.gov
1⤵
- Makes use of the framework's foreground persistence service
PID:5006

com.android.porntube:avlab.gov
1⤵
- Makes use of the framework's foreground persistence service
PID:5084

com.android.porntube:avlab.gov
1⤵
PID:5157

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.android.porntube/databases/init.db

Filesize
28KB

MD5
edf062678162a7bf24ea319131b0ed7a

SHA1
d4713dd2d1e86c7295718ce2ec753ed8e89baae1

SHA256
4b77fbd9b902d4fd2e02450f8e25e7e2b1528de5814d78f0816aacdab64814c9

SHA512
d17a73b87e424fd980a383c7b12444e4c7a39ec2037b103e54901883cf909c193073c467b30e8688fea8b892a9d4392c32959038503a2b7eb155f92b1549cc12

Download Submit
/data/data/com.android.porntube/databases/init.db-journal

Filesize
512B

MD5
36a1683671e5c82150bbd4f17e694755

SHA1
0ddd449b28d8874d7d48128b277360a98a90d0d9

SHA256
b9c5c42418f45ab2023f65f95787d8701ff0976ef90cd0020209d4757751bd35

SHA512
dc64c8728ba56c881d20225aad5ecac82faded385d865f784d7b0d008c99b887db5ccce47fdba70a238d3ebb477a069e91e285a2fb29bb9bc56cdc014e4e13bb

Download Submit
/data/data/com.android.porntube/databases/init.db-journal

Filesize
8KB

MD5
b7ad35f3a0b55a10484add53a2a45013

SHA1
6ccf6db7f67df453a742349cc1c5fedcf8d224fa

SHA256
289c56d9ec437c29b75dcde62205d38c35170a77466e2bd6ed56b0ff7ebdd810

SHA512
d19f0461c3e5f5f14fc7cf09cb21c216b1bf7fe80240000504d437c28fd0abffc0721256c8aa29ba3f753815784a8053d934d56467a1a68d4972f3a5601ec7d8

Download Submit
/data/data/com.android.porntube/databases/init.db-journal

Filesize
8KB

MD5
b7f76b6e1cca488dc5d8a9b17bd20699

SHA1
32931e64ab37ccdc51a1eba9e258afee3b5b9d04

SHA256
ab734ad7317ded55b1295671438b7cf6b8448bb0b96fc32a3112b70cb712f0db

SHA512
9819b5afa9226614525b4ae1f75b9157e16cdc80929757f23f7bfa3e9cea4a851fe9f4077e21e18125df17674f4fa6a61dc78d0721efc45df0d62c50abbd52bd

Download Submit