17c01f71137616523b11d76d5ca9ee89343addf90fa946d2f3fb16b13c9c6686 | Triage

Analysis

max time kernel
15s
max time network
153s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
13-01-2025 21:21

Sharing

Report Analysis Logs

General

Target

Framework.apk
Size

293KB
MD5

c4fd7f2fb1427b793a26b74f2f63ad06
SHA1

815a28e946c32ee08f2550ec748c201ffdcf71c8
SHA256

17c01f71137616523b11d76d5ca9ee89343addf90fa946d2f3fb16b13c9c6686
SHA512

0fd5553ba5a7ff91e7544f0c9b7d8fd57e725b4dffb8ce5da0eb9df7cc57395a8d2a6ca52aa2b4fb59f6a5ca27b2c2525fe94c5ce1ab541c023a939fc87018aa
SSDEEP

6144:fb3g/mdwIxBG6EXqDNv6S8Nc+LEDfPubPfLB:fDsILBEaDNCIDXSl

Score

6^/10

evasion impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

Account Access Removal

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4256

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Replay Monitor

Loading Replay Monitor...

Downloads