6d98d5269a2f597312589d92c0cbef1e4781dead46d37a2fe0ba5fbecd4eae19

General

Target

kakaobank.apk
Size

14.1MB
MD5

0ca16038c31f3ce5bb074c7fef5b5ae2
SHA1

753d3c8ba8507d88e5e0b71a9947b25483fb6618
SHA256

6d98d5269a2f597312589d92c0cbef1e4781dead46d37a2fe0ba5fbecd4eae19
SHA512

5be92cb0d1e216f7bcaa78260d76817a7067f9241b6ae912270117c4aef58aa8f879e408042cead0a11393ad0f5cca50d4dd859d25562ba02a1c4b2c0544930c

Score

6^/10

obfuscation

Malware Config

Signatures

Reads name of network operator 1 IoCs
Uses Android APIs to discover system information.

Processes:

com.kaka0s.sx98xa

description ioc process

Framework API call android.telephony.TelephonyManager.getNetworkOperatorName com.kaka0s.sx98xa
Suspicious use of android.app.ActivityManager.getRunningAppProcesses 3 IoCs

Processes:

com.kaka0s.sx98xa

pid process

4555 com.kaka0s.sx98xa
4555 com.kaka0s.sx98xa
4555 com.kaka0s.sx98xa
Suspicious use of android.app.ActivityManager.getRunningServices 1 IoCs

Processes:

com.kaka0s.sx98xa

pid process

4555 com.kaka0s.sx98xa
Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages 1 IoCs

Processes:

com.kaka0s.sx98xa

pid process

4555 com.kaka0s.sx98xa
Suspicious use of android.telephony.TelephonyManager.getLine1Number 1 IoCs

Processes:

com.kaka0s.sx98xa

pid process

4555 com.kaka0s.sx98xa

description	ioc	process
Framework API call	android.telephony.TelephonyManager.getNetworkOperatorName	com.kaka0s.sx98xa

pid	process
4555	com.kaka0s.sx98xa
4555	com.kaka0s.sx98xa
4555	com.kaka0s.sx98xa

pid	process
4555	com.kaka0s.sx98xa

pid	process
4555	com.kaka0s.sx98xa

pid	process
4555	com.kaka0s.sx98xa

Uses reflection 75 IoCs

obfuscation

Processes:

com.kaka0s.sx98xa

description	pid	process
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getDeviceId	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getDeviceName	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getHost	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.isNavigationBar	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getNetwork	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getNumber	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getOsVersion	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getResolution	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.getSaler_code	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.isTCall	4555	com.kaka0s.sx98xa
Invokes method com.kbwork.dygaqy.net.entity.RegistEntity.isWhowho	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getEntity	4555	com.kaka0s.sx98xa
Acesses field cz.msebera.android.httpclient.entity.HttpEntityWrapper.wrappedEntity	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpMessage.getAllHeaders	4555	com.kaka0s.sx98xa
Invokes method cz.msebera.android.httpclient.HttpResponse.getStatusLine	4555	com.kaka0s.sx98xa

com.kaka0s.sx98xa
1⤵
- Reads name of network operator
- Suspicious use of android.app.ActivityManager.getRunningAppProcesses
- Suspicious use of android.app.ActivityManager.getRunningServices
- Suspicious use of android.app.ApplicationPackageManager.getInstalledPackages
- Suspicious use of android.telephony.TelephonyManager.getLine1Number
- Uses reflection
PID:4555

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads