04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491

Analysis

max time kernel
7s
max time network
128s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
23-11-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491.apk
Size

526KB
MD5

5040d56bc8276ece72a50d56384b3b7b
SHA1

4b0bbad9ca66179aafcb82fb211ea17b6f6429e2
SHA256

04ff7d924671ac03fb3b3a2e0bae7ba979276166766b97d0887c92076a326491
SHA512

06a448fe2c583e74d967eace563c04ee58265f695f034a4755ed2591c4ddb33f6fce94cfcc3fef7c5b7d0954dfc07e3506568407a29b91229ac9bf73a5380479
SSDEEP

12288:vIhgrqfV/akLo0HCO5GVlxtRtTl1iZyVsM7iV:vi2+RLhD50iV

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs
stealth trojan evasion

Suppress Application Icon
T1628.001

Processes:

com.intensive.sound

pid process

4251 com.intensive.sound
Acquires the wake lock 1 IoCs

Processes:

com.intensive.sound

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock com.intensive.sound
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.intensive.sound

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.intensive.sound
Queries information about active data network 1 TTPs 1 IoCs
discovery

System Network Connections Discovery
T1421

Processes:

com.intensive.sound

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo com.intensive.sound

pid	process
4251	com.intensive.sound

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	com.intensive.sound

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.intensive.sound

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.intensive.sound

com.intensive.sound
1⤵
- Removes its main activity from the application launcher
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
PID:4251

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.intensive.sound/databases/com.google.android.datatransport.events

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-journal

Filesize
512B

MD5
9888e2c2f123d36274839e6a9f5d6807

SHA1
12afd9eb62b9e9feaaf2721cceca276cca153949

SHA256
0c6bc4531df161cdc0f4c6a47bad67ce3e59b336f9be133900e28602df7e9b72

SHA512
05cb975d8a9638a939031fed21bed26a6d69988d7f527aa6b798360a9fe4481e7463c450fff2acf6510a025c964d610867b069282598b9716454b5d8fce6c596

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.intensive.sound/databases/com.google.android.datatransport.events-wal

Filesize
44KB

MD5
b27a1ab786a006edd6c13bdb4fe64983

SHA1
f239dcaac1e8b654c4276cb4de2f82c9bee6477a

SHA256
dff921128f1b60cf5ce6effbcc960c180a244ed797e4b6cc42cb117f94e86443

SHA512
cf98a232f2517f276a89af18153906cbf6c0b45095a063c5ad6ec6620dd1b216d3227c2dd96531a1f1bef15e445c33e9180e104fb8abd551ba2f21acba5eda73

Download Submit
/data/data/com.intensive.sound/files/9fe946c1-7c84-4659-8f29-6ab738d19efe.dat

Filesize
548B

MD5
440fa757bf82f4fd45ced8f493b40208

SHA1
b68b7a6e55e6ae68f430033404211eb2a071d03e

SHA256
f5098c93b5050e25af606e1c99bdb2632d2ae599eb2449a3aba64e35d10912f5

SHA512
27a31e364ff8901ce751ff6bebdbeb4ec9fc051cd5dc4f2e0a2e8fe25f96312f135c4f87f80fb51ef27c7950ad55ff0987a5c7bf7bb1fdfd6df6e9ceee94e5f9

Download Submit
/data/data/com.intensive.sound/files/PersistedInstallation1010704351679746686tmp

Filesize
566B

MD5
538853e2cd48eff11b3e9cd827ea4ea7

SHA1
ce54fe9d8961de000c4d9fda165155d51ccd54bb

SHA256
a2cf90bfb0d34693624a98c0cd4a832b007cd0829313b27c7ffbf209a5526340

SHA512
2529bfeef9552780e5f918a8c9b6826824f0aef57e77a459d16c6c1168acc2e32dd29c1f6fea7e7ab3299b108cee51985e0a031e32647c1dc70895a6769be72c

Download Submit
/data/data/com.intensive.sound/files/PersistedInstallation221966397406623158tmp

Filesize
90B

MD5
b2b7847710fccf50585409314868f5db

SHA1
0bbea7ac83ab670144e22d2d387c7945ba7f593e

SHA256
9e739a0d79edb109b37ffb38b6ec4342b7c30c98ca2b5bc3e1943e93d6d53a84

SHA512
13b1039df1e3657f93a651625b6533eb4f61472255ccbd31eeeb5a830a9aaddf1168c0dd5405cbe2784b101cc9f83032db903ee48cce30230dcbe77a5ea26bab

Download Submit