ac32dc236fea345d135bf1ff973900482cdfce489054760601170ef7feec458f

Analysis

max time kernel
11s
max time network
151s
platform
android-9_x86
resource
android-x86-arm-20240910-en
resource tags

arch:armarch:x86image:android-x86-arm-20240910-enlocale:en-usos:android-9-x86system
submitted
27/03/2025, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac32dc236fea345d135bf1ff973900482cdfce489054760601170ef7feec458f.apk
Size

1.3MB
MD5

93ac3627ec63373a239f4a521819dbe9
SHA1

ce1f752ba4f550e8439e24228c6ccb7aad56ef98
SHA256

ac32dc236fea345d135bf1ff973900482cdfce489054760601170ef7feec458f
SHA512

bd483c8bc6efb24c3f54a9c3632c842a2f7b606b7769d23b4fea455ea08be137f2a0e42632bf3d88490ea954c697db5af85b145596ccb3c1fbe5d90c2b0bc95a
SSDEEP

24576:N1Gk/63Nc4TlZoBP+8fQgwbigP9zlJlnP6f7I2h8r3mVZvrRa+2RplR8Qngx:N17/yZZo1Ff8GgP9zTlnP6n8rWnvrRUk

Score

8^/10

discovery evasion persistence stealth trojan

Malware Config

Signatures

Removes its main activity from the application launcher 1 TTPs 1 IoCs

stealth trojan evasion

Suppress Application Icon

T1628.001

pid	Process
4330	lady.cheap.sting

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com

Queries the mobile country code (MCC) 1 TTPs 1 IoCs

discovery

System Network Configuration Discovery

T1422

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone	lady.cheap.sting

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Requests enabling of the accessibility settings. 1 IoCs

description	ioc	Process
Intent action	android.settings.ACCESSIBILITY_SETTINGS	lady.cheap.sting

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	lady.cheap.sting

lady.cheap.sting
1⤵
- Removes its main activity from the application launcher
- Queries the mobile country code (MCC)
- Requests enabling of the accessibility settings.
- Registers a broadcast receiver at runtime (usually for listening for system events)
PID:4330

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

Suppress Application Icon

T1628.001

Credential Access

Discovery

System Network Configuration Discovery

T1422

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads