ahmyth | 4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a

Resubmissions

27/03/2025, 07:43

250327-jj8nwa1mv2 6

27/03/2025, 07:39

250327-jgx5csyxcv 10

27/03/2025, 07:34

250327-jd367s1lw9 6

Analysis

max time kernel
74s
max time network
75s
platform
android-13_x64
resource
android-33-x64-arm64-20240910-en
resource tags

arch:arm64arch:x64arch:x86image:android-33-x64-arm64-20240910-enlocale:en-usos:android-13-x64system
submitted
27/03/2025, 07:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ttGPQI.html
Size

7KB
MD5

aa5d13590623abb5d3963a8af5dfb85d
SHA1

8dcb62e75f970ac4f9f78e2558f335951b599774
SHA256

4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a
SHA512

94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b
SSDEEP

96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

Score

10^/10

ahmyth infostealer rat trojan

Malware Config

Extracted

Family

ahmyth

http://147.185.221.17:25603

Signatures

AhMyth
AhMyth is an open source Android remote administration tool.
trojan infostealer rat ahmyth
Ahmyth family
ahmyth

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
45	api.gofile.io

Requests dangerous framework permissions 20 IoCs

description	ioc
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.	android.permission.SYSTEM_ALERT_WINDOW
Allows an application to read from external storage.	android.permission.READ_EXTERNAL_STORAGE
Allows an application to write to external storage.	android.permission.WRITE_EXTERNAL_STORAGE
Allows an application to request installing packages.	android.permission.REQUEST_INSTALL_PACKAGES
Required to be able to access the camera device.	android.permission.CAMERA
Allows an application a broad access to external storage in scoped storage.	android.permission.MANAGE_EXTERNAL_STORAGE
Allows an application to read or write the system settings.	android.permission.WRITE_SETTINGS
Allows an application to read SMS messages.	android.permission.READ_SMS
Allows an application to send SMS messages.	android.permission.SEND_SMS
Allows an application to receive SMS messages.	android.permission.RECEIVE_SMS
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.	android.permission.READ_PHONE_STATE
Allows an application to read the user's call log.	android.permission.READ_CALL_LOG
Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether.	android.permission.PROCESS_OUTGOING_CALLS
Allows an application to read the user's contacts data.	android.permission.READ_CONTACTS
Allows an application to record audio.	android.permission.RECORD_AUDIO
Allows an app to access precise location.	android.permission.ACCESS_FINE_LOCATION
Allows an app to access approximate location.	android.permission.ACCESS_COARSE_LOCATION
Allows an app to access location in the background.	android.permission.ACCESS_BACKGROUND_LOCATION

Checks CPU information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/cpuinfo	com.android.chrome

Checks memory information 2 TTPs 1 IoCs

System Checks

T1633.001

System Information Discovery

T1426

description	ioc	Process
File opened for read	/proc/meminfo	com.android.chrome

com.android.chrome
1⤵
- Checks CPU information
- Checks memory information
PID:4386

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Discovery

System Information Discovery

T1426

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Download/.pending-1743665972-ROPanel-FF-v4.apk

Filesize
37.4MB

MD5
21b6dd8cb33300af30a47323e0a74d46

SHA1
83a6bfa7d8bd1f21c34a5cdce1165f40faf0991a

SHA256
50462d49f568d88b26c90c841c453f7e0e85b32c4c348b50e80422911dcfdd25

SHA512
8c17cad14ff321c798ba07c7a0da05c619463fa5723fdfb90a4bff96d6949be87e552911088a586e1e53ae1c0d87381171e05c8d7a5971a0d7433aa2b6ed8e6e

Download Submit
/storage/emulated/0/Download/.pending-1743665972-ROPanel-FF-v4.apk (deleted)

Filesize
620KB

MD5
2c5456e645f0142676e2769a40ab8923

SHA1
84b9987a0f033b5fb83d8c559113df8dd6d8aa38

SHA256
dba710b7a8c2cff855500b0d39461d590a13db35569245581ae869ec921d041d

SHA512
c4004ef8e56ec00fe6ca1f9a315819f2b10deaa92dda86bff5c8f05a97e27f0cc0fe9a1de32d4b780194fdffc7c7523763c1306d7b0a115545fa4fcac4b09f89

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads