9af5c084b7203741bc26debb6212bf138f3c7a41e04d96948a332be4a842882e | Triage

Resubmissions

11-02-2025 06:31

250211-g96k4aynar 10

24-05-2023 00:25

230524-aqymtaaa94 7

22-05-2023 06:36

230522-hcxglahc8x 7

Analysis

max time kernel
85s
max time network
154s
platform
android_x64
resource
android-33-x64-arm64-20240624-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system
submitted
11-02-2025 06:31

Sharing

Report Analysis Logs

General

Target

AndroRAt.apk
Size

293KB
MD5

3d3b2a66ae3a8a8cf21e2cde12f5387f
SHA1

a6c8e87367f8168ece54c8f27ba182df406a41c3
SHA256

9af5c084b7203741bc26debb6212bf138f3c7a41e04d96948a332be4a842882e
SHA512

81ee8d00eae3a3c3d4276b370e7d3f755be01a429dc16b144c7ffeba3c3b49957152392715eeaa19aa284574e49139b914e4d6cdc5a4171a7ccadc432c39436d
SSDEEP

6144:ZbkPe2DpLKXsb1ULz9Qg7KZdyuKI0mYkMdfO:QtDpbmLBSGuK2YJJO

Score

6^/10

defense_evasion impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

Account Access Removal

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4356

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Replay Monitor

Loading Replay Monitor...

Downloads