0e9f441aab2adab33397cd43e14be9cfeb1f19c76960de45013ac7ec6043d7de

Analysis

max time kernel
149s
max time network
133s
platform
android_x64
resource
android-x64-arm64-20240624-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
submitted
03-02-2025 16:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Красный_Шарик..1.apk
Size

6.4MB
MD5

724f8953aa966c3de4ffeab4bb5e5234
SHA1

05f78bdcab2d34c3b3ad26f3951d7094e47bd242
SHA256

0e9f441aab2adab33397cd43e14be9cfeb1f19c76960de45013ac7ec6043d7de
SHA512

2f5856c2608ceb49996b4c3db32bba3ab003fd17d7e8937329276cfc94a72d74a95bdaa5ccf869c27b9e4f012e2b8875af86a52af01bbb19a6fc9d0b6a42d52d
SSDEEP

98304:yRAt0D2rXrWOTcFli436ZHY5q6YeG5f9IA9NKOtzIz4Tkxop7UWEc/xPaEmkl/GU:Tp+j36ZMDYTxZAOt1QsIp4xPaEmIsYT

Score

6^/10

defense_evasion impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	redball.apk

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	redball.apk

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	redball.apk

redball.apk
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4486

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads