ahmyth | 17c01f71137616523b11d76d5ca9ee89343addf90fa946d2f3fb16b13c9c6686 | Triage

Sharing

General

Target

Framework.apk
Size

293KB
Sample

250113-z7jyesxqcw
MD5

c4fd7f2fb1427b793a26b74f2f63ad06
SHA1

815a28e946c32ee08f2550ec748c201ffdcf71c8
SHA256

17c01f71137616523b11d76d5ca9ee89343addf90fa946d2f3fb16b13c9c6686
SHA512

0fd5553ba5a7ff91e7544f0c9b7d8fd57e725b4dffb8ce5da0eb9df7cc57395a8d2a6ca52aa2b4fb59f6a5ca27b2c2525fe94c5ce1ab541c023a939fc87018aa
SSDEEP

6144:fb3g/mdwIxBG6EXqDNv6S8Nc+LEDfPubPfLB:fDsILBEaDNCIDXSl

Score

10^/10

ahmyth android evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

ahmyth

C2

http://none-vehicle.gl.at.ply.gg:46577

Targets

- Target
  
  Framework.apk
- Size
  
  293KB
- MD5
  
  c4fd7f2fb1427b793a26b74f2f63ad06
- SHA1
  
  815a28e946c32ee08f2550ec748c201ffdcf71c8
- SHA256
  
  17c01f71137616523b11d76d5ca9ee89343addf90fa946d2f3fb16b13c9c6686
- SHA512
  
  0fd5553ba5a7ff91e7544f0c9b7d8fd57e725b4dffb8ce5da0eb9df7cc57395a8d2a6ca52aa2b4fb59f6a5ca27b2c2525fe94c5ce1ab541c023a939fc87018aa
- SSDEEP
  
  6144:fb3g/mdwIxBG6EXqDNv6S8Nc+LEDfPubPfLB:fDsILBEaDNCIDXSl
Score

6^/10

evasion impact persistence privilege_escalation
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

evasionimpactpersistenceprivilege_escalation

behavioral2

evasionpersistence

behavioral3

evasionimpactpersistenceprivilege_escalation