da435693eef56a630261db9552b3c1edcd5cfd7ee75bc141a75d6593b9d6ac59

Analysis

max time kernel
47s
max time network
1137s
platform
android_x64
resource
android-x64-arm64-20240514-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240514-enlocale:en-usos:android-11-x64system
submitted
23-05-2024 21:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

keymapper-2.6.0.apk
Size

5.2MB
MD5

60a715d72821705e44b0e4da6bf6b477
SHA1

a041fdee1cee8f57db6fce0460a6af2fab072aa8
SHA256

da435693eef56a630261db9552b3c1edcd5cfd7ee75bc141a75d6593b9d6ac59
SHA512

e388ec947e0305d8384828ab287b081baaad9f488fdaff5b2a768beae9b81d3d2e0176c17cda2e1ea36cd90d1f81bcf936ae1edb42079b63e0c95fb3cb7b7f75
SSDEEP

49152:+cu5jgLBXkJ9xZyfCGTjSP4F0yEdCrslHtg5V7XaBuwV+cHZaGxETDvegDmKqmnm:05Us9xwfZF9EdCY9p5aGWT9n2ofrt+Ic

Score

8^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Loads dropped Dex/Jar 1 TTPs 2 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

io.github.sds100.keymapper

ioc	pid	process
/system_ext/framework/androidx.window.sidecar.jar	4622	io.github.sds100.keymapper
/system_ext/framework/androidx.window.sidecar.jar	4622	io.github.sds100.keymapper

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
execution persistence

Scheduled Task/Job
T1603

Processes:

io.github.sds100.keymapper

description ioc process

Framework service call android.app.job.IJobScheduler.schedule io.github.sds100.keymapper

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	io.github.sds100.keymapper

io.github.sds100.keymapper
1⤵
- Loads dropped Dex/Jar
- Schedules tasks to execute at a specified time
PID:4622

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/io.github.sds100.keymapper/databases/key_map_database-journal

Filesize
512B

MD5
2e1034975fff05c6a9034015b3e8ca40

SHA1
2a60ec359c176b11b9624071619409edb8bcd445

SHA256
c26dd19f9dff6101981db9fc357679bfc120e88c37bfb4ee11fb011ca7cdde49

SHA512
36001c465d48ec5a9b0ff60f645a6eae8a09fb213e69cd27f6a62e88a9519a7d87f5371e3c32067ef8a7f84e5ed681d90d399c563dc28c1ffc6a91cc1f61b1bf

Download Submit
/data/data/io.github.sds100.keymapper/databases/key_map_database-wal

Filesize
16KB

MD5
ab19a4805adbc7fcd98c4f2e32cf1ca7

SHA1
11f45e50c4e9d2246ea27301699e350dbbf5b772

SHA256
b1ca9d6b575336ba915badfe14e1617f06f30ff1c5b5ae2e3a1a1d5fab4ff824

SHA512
9c0f0b72292cd2910b1a316169304251b005af2670bbc767e395de2e8a28780139885f42a62375910a8bc6d945b33527cf56b5ecea78e94b79cd32cc3f30b0ae

Download Submit
/data/data/io.github.sds100.keymapper/databases/key_map_database-wal

Filesize
44KB

MD5
6a570d9fef2e73ec0485dbeb45ee7ed1

SHA1
220bc97ec0d4483e36e90b891a3f03f7dde0bc7a

SHA256
2ec5ce805198ea3c7e73f8dd58edb337c59b4cdd31aa8f122e1965c51fa48997

SHA512
fa41db078592ffcea46adcc439aa533ef8cc4a26b0b025eec5b06a99f16d54ab14d13cede77acc6b44a76225ff4b7164f269d3baeb9225ee31be35b2e1d99fa6

Download Submit
/data/data/io.github.sds100.keymapper/databases/key_map_database-wal

Filesize
76KB

MD5
100798b1d1414edf8a52270cdc529bea

SHA1
e765243381098541f5213c8eba762ef80a8f3a4d

SHA256
64d5544149d7c617275ecf03a921fa8612017b2657314605293e33d3db6d10f8

SHA512
61bac85707993aa48d65063649629356a4c1e7cf086de751e6d4f29b88d2c89ad48426c08684928e2c7a0e7f50efbb4cecc50f4c5b4d4b2b407670506c605bcf

Download Submit
/data/data/io.github.sds100.keymapper/databases/key_map_database-wal

Filesize
88KB

MD5
41069aded5f4a84d5076ec4317cb3648

SHA1
64d553908d826199d72fe47443f11047702bc10a

SHA256
bcfcb1e1e02de8425bdfe2ff478ab4a088b8a7a3e7da9ef9d3cac670cfec0af1

SHA512
8fe2bea5e75831a221599af30d1965cd4f6cd1955eb0bad3a303e07ff9825e2c4734f1355c5d7f2c2eb85268489551ebe9e3e935e8d3a98b7e60c2b9d329e068

Download Submit
/data/data/io.github.sds100.keymapper/files/datastore/preferences.preferences_pb.tmp

Filesize
38B

MD5
15939bee3c551f11709859ac2d761191

SHA1
1665d88c09a0fc2a6efaf145c95879e5ee549433

SHA256
74bcf5efd85852652460549538d083a31dd627808e3823ba39170f7aad2d206e

SHA512
f8b5848b1ed21193e1ae63be4664460f5968cdc319ae57953813699576d8433560636cb26d34a11efd74661898a5d115e2f508c5486213e23b0bde62f35cdf9e

Download Submit
/data/data/io.github.sds100.keymapper/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
64f050fc427128df0ca70708a533a33c

SHA1
4583752fda285bdd0cdf94da4024825ed0030267

SHA256
084c4ae1f72171ebb5839b2bf80f358ae20c18cd601884d4a18e598979d574e9

SHA512
43eab0db3694d563e498393898af5b73e8d9cacf422ef063d7f0454141c7b36b6cbc523adb4f659ffd2511f4f72e48511026b460789ead805068b57e7c91677f

Download Submit
/data/data/io.github.sds100.keymapper/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/io.github.sds100.keymapper/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
11321ebd206a95a5f13019eeb4fa735e

SHA1
e38e81d83fed0c691290d48eab215fde8bf4df28

SHA256
b177935cc7b9832c85e353b4c80a73df910cb0720065ed6c7a06019bd809783d

SHA512
98e20183160afa228e6729d0e48547663c7e34daefae2e34873029e82c37a30e6b9cde12699980d346366bb3069e270245c476772bb4c81fbb12e9e058fde3ea

Download Submit
/data/data/io.github.sds100.keymapper/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/io.github.sds100.keymapper/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
7965a209914349c96495b695cd5ebcdb

SHA1
3aa040d53120f0ab00f338323989a9b343b2ffe6

SHA256
b8079d5a6af43ea09bf5f974b4d72939a65f50e7ee04383f2ac65d808cff36a1

SHA512
b114f2fe809987f32a009723e941b06ed8e66ca09b7c7f93dac53481cdcade4cc27e0a2c695ef31177b36f908705009b3a26da8f2a3610543b8f198d5f8b587a

Download Submit
/data/data/io.github.sds100.keymapper/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
18d5711d5a8d106d0377780525925f85

SHA1
f9a98e2423a71a1ba95c5b7f344d3b5d3263f8e5

SHA256
26c9831b95b1f123901dd17d6809d11e35d271d4c204f2256d49f751a205c6f4

SHA512
d5533689e281de384c0ab472d23ed63e4924e5ffb614fbb657dfb3e9a95edacbb959518728cd8b43eab101b160562c46f97ba76fe32e83ad2ffa82fb25a082bc

Download Submit
/data/misc/profiles/cur/0/io.github.sds100.keymapper/primary.prof

Filesize
1KB

MD5
759d465fbbe7c643f07fdcce50902d81

SHA1
50b53ab94cdfac7561f17ab0295c5587033a7324

SHA256
659e9e083e65e36536e992e4a11c9c59c89dfe2839438223c817c15309ce5dd0

SHA512
fe59ec7646db52f6fa1827f67abb7759dadb0cd73212ca8bf12d50c469b0b359a589c458d720631ffcc795ea4ae9f3cefe6774be56c7d6922be063c931b0b74b

Download Submit
/data/misc/profiles/cur/0/io.github.sds100.keymapper/primary.prof

Filesize
10KB

MD5
c91462dcdafe91dd3823935c8cc3aa10

SHA1
c99fff7d6bc24d3aab514ca49bf3afead795414e

SHA256
d88aee85e9d8da415a2bc41aea39543370ea3b7bdc5ca723abf176d78999cb49

SHA512
36037e9d509e3f021cb03555b354ec1861552aa485ae4ece4da46401b79c6cc241bbb6ee1c2b7b3151304992f187fcb7446db29da2439ed1b8139f6ece466c3f

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
12KB

MD5
bdf3529e80318eb14e53a5bf3720c10d

SHA1
25c9ace4b1af6e80ebb2572345972c56505969ba

SHA256
bbc8300dd1e9cd08de8f66560c1ac2c928615b72b51cef9649f88974f586d64b

SHA512
48b9c2d01171bb651b9b54826baa51f4add48431a3efd8ceb5f7cc3bcd6f8f37edf47fabb24349dd15b3a02329cd450f90a8d164bf4f8dfae554bf3b35a8a55b

Download Submit