b40677960a502ad6fd49c80a32af068e1cd99a0b64cbc7eab30ad80466ea3821

Analysis

max time kernel
179s
max time network
139s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
21-05-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b40677960a502ad6fd49c80a32af068e1cd99a0b64cbc7eab30ad80466ea3821.apk
Size

2.2MB
MD5

ba10592d0221435596912c97f6947ca4
SHA1

10a63661ad743a25e5dce2e0a8549abbca2615fc
SHA256

b40677960a502ad6fd49c80a32af068e1cd99a0b64cbc7eab30ad80466ea3821
SHA512

4ea2f322513a8c902919df5b9b650d78b0faf80a7af4defe1f85c848ffb6cf143ed637293252a2e3a28383011526db1c44e5e7da06c162a06a84de2ea0e4897a
SSDEEP

49152:O8xPNZB8O1Qpw5BrDXj071d12Hdaf1sQNGgXBHjrrmoZfD:FxPN731YwLj0Zb2Yf1ljrrm2L

Score

7^/10

discovery evasion persistence

Malware Config

Signatures

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	com.kero.ilogisticsko

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	com.kero.ilogisticsko

Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs

evasion

User Evasion

T1628.002

description	ioc	Process
Intent action	android.settings.REQUEST_IGNORE_BATTERY_OPTIMIZATIONS	com.kero.ilogisticsko

com.kero.ilogisticsko
1⤵
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks if the internet connection is available
- Requests disabling of battery optimizations (often used to enable hiding in the background).
PID:4307

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Privilege Escalation

Defense Evasion

Hide Artifacts

T1628

User Evasion

T1628.002

Credential Access

Discovery

System Network Connections Discovery

T1421

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.kero.ilogisticsko/files/mmkv/mmkv.default

Filesize
4KB

MD5
620f0b67a91f7f74151bc5be745b7110

SHA1
1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d

SHA256
ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7

SHA512
2d23913d3759ef01704a86b4bee3ac8a29002313ecc98a7424425a78170f219577822fd77e4ae96313547696ad7d5949b58e12d5063ef2ee063b595740a3a12d

Download Submit