1aadc15493f6f4fe54e4a9769ff02384672b548bc605c79cda714d99065e656c

Resubmissions

07-02-2025 22:02

250207-1xzfssznfw 10

07-02-2025 22:00

250207-1w33laznby 10

Analysis

max time kernel
59s
max time network
67s
platform
android_x86
resource
android-x86-arm-20240624-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240624-enlocale:en-usos:android-9-x86system
submitted
07-02-2025 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1aadc15493f6f4fe54e4a9769ff02384672b548bc605c79cda714d99065e656c.apk
Size

5.4MB
MD5

8a7559806542b099f450c9a2d410fd03
SHA1

890e688a213451e021ee3621d2b55fc48c5d7e17
SHA256

1aadc15493f6f4fe54e4a9769ff02384672b548bc605c79cda714d99065e656c
SHA512

8785c64a8f3f0e4066d522ec02c776a7d3af25ac788554ab49d25b10361b9eefb91b3767fb343334ae09f5212f3b90b0c716cd72abaea2e01c4e3eec7dfd9cdb
SSDEEP

98304:IICMbwEBSiz9Jf1h8AgoJgO1RqL3ZBSLqXQXqULcuaOCVPI0Pz63a7//BBq:IobLBSipx38dQ1RqLHW0QaUArg0Pz62a

Score

6^/10

defense_evasion impact persistence

Malware Config

Signatures

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	cheatstandoff.apk

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	cheatstandoff.apk

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	cheatstandoff.apk

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	cheatstandoff.apk

cheatstandoff.apk
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Uses Crypto APIs (Might try to encrypt user data)
PID:4241

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads