Analysis
- max time kernel: 4022172s
- max time network: 157s
- platform: android_x86_64
- resource: android-x86_64_arm64
- submitted: 20-04-2021 14:41
Static task: static1
Behavioral task: behavioral1
- Sample: 7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
- Resource: android-x86_arm
Behavioral task: behavioral2
- Sample: 7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
- Resource: android-x86_64_arm64
General
- Target: 7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395.apk
- Size: 3.3MB
- MD5: 41314ab620474f7b26e21a406fb37844
- SHA1: 462f4e0bb338a869536f244aab58c26cce5880af
- SHA256: 7c75278cde374bd26e36a893db24ecdfec8320145d94df56a93e5cd535422395
- SHA512: 642893067364d16b3906fdd166d86b879026f6e5af991cac93442df394caa92e8b4dea9dbf73116039b1c98598c8f219af16c4269728f1016673295f6a3d4130
Malware Config
Extracted
Signatures
- Processes (com.ledinstaandroidpost.android.ledanti):
  pid | process
  4129 | com.ledinstaandroidpost.android.ledanti

- Loads dropped Dex/Jar (2 IoCs)
  Runs executable file dropped to the device during analysis.
  Processes (com.ledinstaandroidpost.android.ledanti):
  ioc | pid | process
  /data/user/0/com.ledinstaandroidpost.android.ledanti/cache/of87oaufaldjawdjkw.dex | 4129 | com.ledinstaandroidpost.android.ledanti
  /data/user/0/com.ledinstaandroidpost.android.ledanti/cache/of87oaufaldjawdjkw.dex | 4129 | com.ledinstaandroidpost.android.ledanti

- Requests enabling of the accessibility settings. (1 IoC)
  Processes (com.ledinstaandroidpost.android.ledanti):
  description | ioc | process
  Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.ledinstaandroidpost.android.ledanti

- Uses reflection (10 IoCs)
  Processes (com.ledinstaandroidpost.android.ledanti):
  description | pid | process
  Invokes method dalvik.system.CloseGuard.get | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method dalvik.system.CloseGuard.open | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method com.android.org.conscrypt.ConscryptEngineSocket.setUseSessionTickets | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method com.android.org.conscrypt.ConscryptEngineSocket.setHostname | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.setAlpnProtocols | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method com.android.org.conscrypt.OpenSSLSocketImpl.getAlpnSelectedProtocol | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method dalvik.system.CloseGuard.get | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method dalvik.system.CloseGuard.open | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method dalvik.system.CloseGuard.get | 4129 | com.ledinstaandroidpost.android.ledanti
  Invokes method dalvik.system.CloseGuard.open | 4129 | com.ledinstaandroidpost.android.ledanti