5ab865127fe2ec00e6acc80e51a42f35d16135b15f2165662a94c3dd5884b3d6 | Triage

Analysis

max time kernel
11s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
15/03/2025, 15:14

Sharing

Report Analysis Logs

General

Target

google.apk
Size

293KB
MD5

d26ae354cda579589e7f7882db51f2b4
SHA1

c2f877298c6c5f1476c2983a26290f1829039609
SHA256

5ab865127fe2ec00e6acc80e51a42f35d16135b15f2165662a94c3dd5884b3d6
SHA512

e79bcce41651bcd7f3fbb0ac673bf0200b5d7df5b8090419d97ac4c109520f67b857bccaf21fd0bfe85e114a79e922703bcbbd52a21a96d2018688b8008bdbf3
SSDEEP

6144:dlSewjehEvNjQz5rHKI0mYkM6BgjMrLWDjPkbPfPI:dlPUFjKHK2YJ6uI6Dj4A

Score

6^/10

defense_evasion impact persistence privilege_escalation

Malware Config

Signatures

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

defense_evasion persistence

Foreground Persistence

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	ahmyth.mine.king.ahmyth

Tries to add a device administrator. 2 TTPs 1 IoCs

privilege_escalation impact

Device Administrator Permissions

Account Access Removal

description	ioc	Process
Intent action	android.app.action.ADD_DEVICE_ADMIN	ahmyth.mine.king.ahmyth

ahmyth.mine.king.ahmyth
1⤵
- Makes use of the framework's foreground persistence service
- Tries to add a device administrator.
PID:4652

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Device Administrator Permissions

Defense Evasion

Foreground Persistence

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Account Access Removal

Replay Monitor

Loading Replay Monitor...

Downloads