Overview

overview

10

Static

static

6

D02D012970...94.exe

windows7-x64

1

D02D012970...94.exe

windows10-2004-x64

1

DBm0yQwt.exe.ViR.exe

windows7-x64

10

DBm0yQwt.exe.ViR.exe

windows10-2004-x64

10

ca6ec46ee9...52.apk

android-9-x86

8

ca6ec46ee9...52.apk

android-10-x64

8

ca6ec46ee9...52.apk

android-11-x64

8

calc.exe

windows10-2004-x64

5

ccc71c83c8...B3.exe

windows7-x64

7

ccc71c83c8...B3.exe

windows10-2004-x64

10

ccc71c83c8...68.exe

windows7-x64

7

ccc71c83c8...68.exe

windows10-2004-x64

3

cd2d085998...-0.dll

windows7-x64

8

cd2d085998...-0.dll

windows10-2004-x64

8

cdffb7e75b...ss.exe

windows7-x64

3

cdffb7e75b...ss.exe

windows10-2004-x64

3

cf7382c25a...c9.exe

windows7-x64

6

cf7382c25a...c9.exe

windows10-2004-x64

3

cgi19-alpt...e_.exe

windows7-x64

7

cgi19-alpt...e_.exe

windows10-2004-x64

7

chrst.exe

windows7-x64

3

chrst.exe

windows10-2004-x64

3

ci05l2a.exe

windows7-x64

ci05l2a.exe

windows10-2004-x64

cl.exe

windows7-x64

7

cl.exe

windows10-2004-x64

7

clean.exe

windows7-x64

3

clean.exe

windows10-2004-x64

3

coinvault.exe

windows7-x64

9

coinvault.exe

windows10-2004-x64

6

com_loader.exe

windows7-x64

3

com_loader.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    30s
  • max time network
    132s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    22-11-2024 03:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52.apk

  • Size

    1.5MB

  • MD5

    4b4d8abbca536c987fca430af62c9bc8

  • SHA1

    4055b08de4d70cd512e1f10d186d887a2c38c86e

  • SHA256

    ca6ec46ee9435a4745fd3a03267f051dc64540dd348f127bb33e9675dadd3d52

  • SHA512

    1feb88f28eeda10e670761cda1d61039fc51f76e38aaf731cf11d7f4621b5f45ac2816037fbaf5a40ad53f14e221f24dbefc34023329a6b753fb90c35a515736

  • SSDEEP

    24576:C6+MSDnehBCO+whjuFtxY5CMbkQfLenj3eesz07m5zvRquduX85ng7ScD:C6PQe3X+C6Mb1Den5i0MzvRgX85g7ScD

Score
8/10
evasionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's foreground persistence service 1 TTPs 3 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence

Processes

  • com.android.porntube
    1⤵
    • Removes its main activity from the application launcher
    PID:4602
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4640
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4684
  • com.android.porntube:avlab.gov
    1⤵
    • Makes use of the framework's foreground persistence service
    PID:4728
  • com.android.porntube:avlab.gov
    1⤵
      PID:4808

    Network

    MITRE ATT&CK Mobile v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • /data/user/0/com.android.porntube/databases/init.db
      Filesize

      28KB

      MD5

      a26476a6b5ecf9e439398f2d290ebc7b

      SHA1

      ba684d990c60a10f328de1f0e45d8fd053345f0b

      SHA256

      06898f12959de52e404f66a44a69d16f6255243122d576f679f2a3cd6bac83f1

      SHA512

      2afde71f85d6c91d0ae33a3284148729d703705921da7cfc166c266ee8ae59d41f6777850e6b08b66de32506a90e2b129cd46804f414567780ad859ee87745e5

      Download Submit

    • /data/user/0/com.android.porntube/databases/init.db-journal
      Filesize

      512B

      MD5

      d0b2d6cde8f5087ec5d12afe3f302491

      SHA1

      119463148e133c8d2a756b62ec6f9990f637993d

      SHA256

      af7b8de2da313662d54c423c97c2f7b91f17dea1c21aa1b6ea442724fc7ddb70

      SHA512

      6aa45c730e27fa3d58aab7f2946f4c75f34671919f6a4cf22c07dcc877eaeb31d8c0aea32cf03105496e607974eed1dae9701303725e2355c118d14899c33361

      Download Submit

    • /data/user/0/com.android.porntube/databases/init.db-journal
      Filesize

      8KB

      MD5

      faa574280c765ded0e1c4674d0ea4639

      SHA1

      36ca1d17946b85566c7cb56a9d6e4fc98116f56d

      SHA256

      800d3faf4516a223558e79ea11bedf7002722176e3cc8bd2d707cdecce88330d

      SHA512

      ffccccf0b9b3c691e8e02fe91334d71df92c3eabce5961c0424c703832653122b62f0cdfa2ae805235fe8d33a61069ba9884ca6730c1b3a84c6994da9a34a475

      Download Submit

    • /data/user/0/com.android.porntube/databases/init.db-journal
      Filesize

      8KB

      MD5

      67ce5aa35603355435b3d66006b9db87

      SHA1

      cc8a414d97a4c45f8b42c2422d966f05c0198404

      SHA256

      9fbe21072a56b1cde876c25515ae7a960b50674d0ad29c27b876758b38fadd5a

      SHA512

      51e78960a3ddd36907d4936be63386f2d211ce21e5545c4d0f6baa8363ca57700eb1e349259e7ab316e984c18189b88bc27cffd03ee07f9931dd3a6875565a4d

      Download Submit