Analysis
-
max time kernel
4022059s -
max time network
45s -
platform
android_x86 -
resource
android-x86_arm -
submitted
20-04-2021 14:41
Static task
static1
Behavioral task
behavioral1
Sample
7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
Resource
android-x86_arm
Behavioral task
behavioral2
Sample
7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
Resource
android-x86_64_arm64
General
-
Target
7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
-
Size
3.3MB
-
MD5
41314ab620474f7b26e21a406fb37844
-
SHA1
462f4e0bb338a869536f244aab58c26cce5880af
-
SHA256
7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395
-
SHA512
642893067364d16b3906fdd166d86b879026f6e5af991cac93442df394caa92e8b4dea9dbf73116039b1c98598c8f219af16c4269728f1016673295f6a3d4130
Malware Config
Extracted
Signatures
-
Processes:
com.ledinstaandroidpost.android.ledantipid process 4020 com.ledinstaandroidpost.android.ledanti -
Loads dropped Dex/Jar 2 IoCs
Runs executable file dropped to the device during analysis.
Processes:
com.ledinstaandroidpost.android.ledanti/system/bin/dex2oatioc pid process /data/user/0/com.ledinstaandroidpost.android.ledanti/cache/of87oaufaldjawdjkw.dex 4020 com.ledinstaandroidpost.android.ledanti /data/user/0/com.ledinstaandroidpost.android.ledanti/cache/of87oaufaldjawdjkw.dex 4270 /system/bin/dex2oat -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
com.ledinstaandroidpost.android.ledantidescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS com.ledinstaandroidpost.android.ledanti -
Uses reflection 4 IoCs
Processes:
com.ledinstaandroidpost.android.ledantidescription pid process Invokes method dalvik.system.CloseGuard.get 4020 com.ledinstaandroidpost.android.ledanti Invokes method dalvik.system.CloseGuard.open 4020 com.ledinstaandroidpost.android.ledanti Invokes method com.android.org.conscrypt.ConscryptFileDescriptorSocket.setUseSessionTickets 4020 com.ledinstaandroidpost.android.ledanti Invokes method com.android.org.conscrypt.ConscryptFileDescriptorSocket.setHostname 4020 com.ledinstaandroidpost.android.ledanti
Processes
-
com.ledinstaandroidpost.android.ledanti1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Requests enabling of the accessibility settings.
- Uses reflection
-
com.ledinstaandroidpost.android.ledanti2⤵
-
/system/bin/dex2oat2⤵
- Loads dropped Dex/Jar