ahmyth | 5374067c96c4e8a59abde4a3f045122e0ac6032e625fccaaa283be6d1461b399 | Triage

Sharing

General

Target

Ahmyth-aligned-debugSigned.apk
Size

293KB
Sample

250216-vkan1stmby
MD5

b61a1d00aeff285cc431240812842b11
SHA1

fe19925c10490943cdaa71b8d3cad773171bceeb
SHA256

5374067c96c4e8a59abde4a3f045122e0ac6032e625fccaaa283be6d1461b399
SHA512

f9c31fd3fba8be02de90097d8511d90320bd8c42a721127e109631e0c300e139dfb7f4089e4ec1cbde4edddda9c2b18d82d3b1b7ae1cab642df369db96ff4843
SSDEEP

6144:T7Cv+PMenyQyVyE2LjVR9GEvW63BgwJLzD7PHbDfOLB:TOsMenyO3V2wW63uSXDLPk

Score

10^/10

ahmyth android defense_evasion impact persistence privilege_escalation

Malware Config

Extracted

Family

ahmyth

C2

http://192.168.209.12:42474

Targets

- Target
  
  Ahmyth-aligned-debugSigned.apk
- Size
  
  293KB
- MD5
  
  b61a1d00aeff285cc431240812842b11
- SHA1
  
  fe19925c10490943cdaa71b8d3cad773171bceeb
- SHA256
  
  5374067c96c4e8a59abde4a3f045122e0ac6032e625fccaaa283be6d1461b399
- SHA512
  
  f9c31fd3fba8be02de90097d8511d90320bd8c42a721127e109631e0c300e139dfb7f4089e4ec1cbde4edddda9c2b18d82d3b1b7ae1cab642df369db96ff4843
- SSDEEP
  
  6144:T7Cv+PMenyQyVyE2LjVR9GEvW63BgwJLzD7PHbDfOLB:TOsMenyO3V2wW63uSXDLPk
Score

6^/10

defense_evasion impact persistence privilege_escalation
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  defense_evasion persistence
- Tries to add a device administrator.
  privilege_escalation impact
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Tasks

static1

behavioral1

defense_evasionimpactpersistenceprivilege_escalation

behavioral2

defense_evasionpersistence

behavioral3

defense_evasionimpactpersistenceprivilege_escalation