4995801ec6eb570920a9c9541bfd04ba6828746327423cc4884d5a9cb5d5b2b2

Analysis

max time kernel
179s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23/05/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Danak-v0.68-qa.2.apk
Size

8.7MB
MD5

0613b94a057a87b1a2f9ca7df4ffe1af
SHA1

2fbf3c47f31b0f4f61691d49ab8dd8bd499effcd
SHA256

4995801ec6eb570920a9c9541bfd04ba6828746327423cc4884d5a9cb5d5b2b2
SHA512

285d50ee64c444dbc36392f7136d0e4516ab63b10c833c59d390fa842cb772a258ae767efa6d49752ec15f2ae5424cddcaee2f75e1ed496bacd49d2dadc6e079
SSDEEP

196608:mjr+rIzHL9y6nQxncZPuaisclubF5HzmdHy+RHer4CP:S+UTLgsQxnquT4bDcS78CP

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs

evasion

System Information Discovery

T1426

ioc	Process
/system/app/Superuser.apk	org.kcis.savadd.child_fa:Metrica
/sbin/su	org.kcis.savadd.child_fa:Metrica

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

Location Tracking

T1430

description	ioc	Process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	org.kcis.savadd.child_fa:Metrica
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	org.kcis.savadd.child_fa:Metrica

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	org.kcis.savadd.child_fa

Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.kcis.savadd.child_fa:Metrica

Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs

Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.wifi.IWifiManager.getScanResults	org.kcis.savadd.child_fa:Metrica

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	org.kcis.savadd.child_fa:Metrica

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.kcis.savadd.child_fa

Checks if the internet connection is available 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.kcis.savadd.child_fa

Reads information about phone network operator. 1 TTPs
discovery

System Network Configuration Discovery
T1422

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	org.kcis.savadd.child_fa:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	org.kcis.savadd.child_fa

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs

impact

Data Encrypted for Impact

T1471

description	ioc	Process
Framework API call	javax.crypto.Cipher.doFinal	org.kcis.savadd.child_fa:Metrica

org.kcis.savadd.child_fa
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4314

org.kcis.savadd.child_fa:Metrica
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4372

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Credential Access

Discovery

Location Tracking

T1430

System Information Discovery

T1426

System Network Configuration Discovery

T1422

System Network Connections Discovery

T1421

Lateral Movement

Collection

Location Tracking

T1430

Command and Control

Exfiltration

Impact

Data Encrypted for Impact

T1471

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.kcis.savadd.child_fa/databases/danak_db-journal

Filesize
8KB

MD5
230c9af32833acf68e152322526586f5

SHA1
e2185ce2dd05aebb218fcd872f6d120454155f32

SHA256
783a586f57fda0187ca3af4ad6ad37edd02d28fff726d0f202c2b1b05737b4a1

SHA512
bc31abd9755ab15697b29539f7571ef7002f65a0bf96a6d35de394fe573a9e919b7a2ba625ebd7b995dd56d0b7f671b02bfb8ed6129f32127b3e46abfb596558

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-shm

Filesize
32KB

MD5
c2cab80b9adbe29df567dcf474d58d16

SHA1
c4c15c3c04460c9540c3184270faf6fbaaf05bfe

SHA256
38ce77fd65b7324d17c4e963c90afb5c0114d792eaaaaa50e078d94b713c556c

SHA512
0abb063607a21bc6a9d93d7f5d82bf4be5aad8ecd903651cf5c4be9eb7d8cd7954dea4e2a624a03504e3a822c77de2a15fcca4fde5fd60487e22f733edf4f824

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-wal

Filesize
20KB

MD5
ce381e3905ecf94d59de44ba72d3fd97

SHA1
440c53f52c14e317560e2dfc668437c678082114

SHA256
79af147cf2701b366bf458b093984e63f8c2a914c47c84b43bf69a853bc084ed

SHA512
699c8593e4a2046399b4b0be4bb92d62738cf24927b735c5dff48482eba6afc00137a709a622ee3005a13de68cba01215e8b799de37ff73d8bd8143f2b323296

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-wal

Filesize
64KB

MD5
4a1a4ecc9ebf4b1683e739adf8643992

SHA1
a70389caece8290874301592bc08d77917e073dd

SHA256
f523b632536b06fcf73fc78859177b9148c6e4274ec4941858aa25499498fb55

SHA512
6c9e45fb1f31bee0878c45afc57235c601cd8ee2aaa9a73b52d875b20b7d0bed41405993105f18e0ff73a31ef73f76a1d64301d11520545b90be3aafa994abdc

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb

Filesize
96KB

MD5
c4981c852403234f916c7296688b8ad9

SHA1
a79937d6aeceb260eefc5a448048bdad205274fa

SHA256
5d1fb2944cfa5a5ae35dfc4979d85cd16158211143b332204c558ca650c3c695

SHA512
492876a12c85f27d18d98f3126b55e9b90950d4b835c5e43f8a5c2c086d26f1a67216225074b418f71c3c424e93e9b67f363b23ec59ce8c0634c68ec6696f38e

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-journal

Filesize
36KB

MD5
dda3a691e96ae8e575aaebe8afbf71bc

SHA1
cedeabca9d6bdc48daab7203626f590b79045564

SHA256
e552599a826dd8212074cf9c8050657f13f3d87a8503bc4156a36b511359dc85

SHA512
096d772ad4bad2e25b54c486692ffbfcb2b8e8be677a539f361c1c7c4136a086b43e4eddbc3461e1e1c601da47ea388b354e10403328ff0522e259e92a0f5d46

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-shm

Filesize
406KB

MD5
1d5bac8a96104ed004920e713e333b13

SHA1
9205ee95ce555518bcfe8a044e7459ada76eb97b

SHA256
362319864f84b8ae4b2d88af993aedc3d8f2967c5b0868dac2e89ecfbe93ed4e

SHA512
81c26f61dd6192a04730798e5efc59edcfec4eb143dec37c480b3c4033a8b9ab04d587b6a2b243a415bed2a14fda331705f7443dbfd8a99da1ce24d5a17c7006

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
5e52227a1ae878d99c715d851888d344

SHA1
1f0480677c6a427d3bbc46389af565b3e08c5807

SHA256
9ca55064d0a56ded73725e1ca4c5eb14e001c402c31a140302cf23f8015b01e6

SHA512
6ef976c35baa3feecd571d21371e030b15773df4788f3c3cc727ece020d8e10590fa00f4dba08f5b442935dc41e5877733fab70c9e9cf1f720d9f60570180348

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
0200d08b31e4c74caf7b3e932739162b

SHA1
cbfad4845fae9a58b486317a1df9bfa99bb9e982

SHA256
830d72f596baee7f0dbb3f6252948e0edb5f6cdb7933ba5b98ab9a4a11661151

SHA512
8ff5ef6b7bc0aeac4b81f81742e104ef6fc0219885d8ec02ada12c5c29bb657a0991125a4dec1817680e25deba8a9ec35f5d1408e6584909f569911a67f17adf

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal

Filesize
301KB

MD5
035bb0a2bcb728580084ca09061e5ef6

SHA1
7d4131bdaa4f9f9885b936f4d4b3e2ce98b8816b

SHA256
47b2034f8f5f0704901bf08dcb9fb67b19959c3719005c1e85c794de99df7d92

SHA512
14d5262ed3e5b314e3e163229315662117e0c473a60d7b637b2c4ca3a820568b38c3574b91a0f6d06eba2a39c7c1fc55ed72f3caa38bfc4072ebabb41b3786de

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180

Filesize
36KB

MD5
f8f509204733d93c33154dc4e68d6ea6

SHA1
181dac25af61e9ee2dc1c1e6461c42c168d90132

SHA256
f7fd7b8b9710bbc9fa8f462f2ac4a1b1e0743b5682c62263747f1ade8ea052da

SHA512
65a028fe7fdbd429aef53bf5b44440cf9981a7e447c3831db8f9143a21ec0547f4ce0b54facc686cf427e103b1c6d15b083cc411383171185288f86f04411285

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-journal

Filesize
8KB

MD5
ddee73273427f98a7f6abf5eaec70bd5

SHA1
a202d8d82097a0ffef6d90a1e5bbdd3e71cc48fb

SHA256
57507ff08a4a98603913ff80882cb02a4bdb5936b109cd22cebbff90d6e9c676

SHA512
99c61fc1108a57534077aa7c717f9079e9e1b3040baa31c5529294ff1fe3aaf5b107b186de89f60028b16042804bcb65ee34afe8d6eb92c13fbde5143e6e21a0

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-shm

Filesize
410KB

MD5
4d951927afe2420f13c08c711f9fed94

SHA1
107cdd2cc15e41571b67720434f0e9f902bab445

SHA256
c4f9a4032ed9c5f85be384dae494178923156032b25e758166c0269015c17415

SHA512
20cd0c0199f5dec3102f4e757e238e1b619b90f466b1694a597eb978f5d92216be2dcf8bd60ae51da417be930aca7284abcf0c6d1022695acaeb29a25026de63

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-wal

Filesize
402KB

MD5
c50b16ce3c078e81dabebfc8168c584b

SHA1
c9333550df8988efa532a55529c1d63d6d4ec0db

SHA256
ebf19279c19de7ceec0b7e3301dfce0fe997a88dcb98a41b03ce4d109154a5ad

SHA512
b6095491812ff9ec01d75e863ee0df8934d17d445568d7b2bb6079ba3d209380b0fdcc346a7b90bd788c3ab37e4f8d4dda7a202bea4cab024378eb15d30f62a1

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_aip.db-shm

Filesize
32KB

MD5
10eb1fdcc9af085e9d80afc4312a4782

SHA1
e8b4b198a68326d77c73bce5f34ac8d461190e3d

SHA256
796fca6a179ea6227bd5fd8817596ee0310907c2e46e5c0b2f61ca2a8464e26a

SHA512
ad80ede2b278ef22fb5d680db6cd4138a949587824d884e57a6590785f4e5b6cc0c5d89ecb504d895c00c47c3b24d8ea758f7d5ef4e95d29cc31d2fc42d4e53f

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db

Filesize
20KB

MD5
9f64216b041f43304f3c6f4770c8e7d6

SHA1
30a2d0d3cb06bfa3093b425fb310f5099d3b2a0d

SHA256
3c5821c26c37dffaf90b6fe8e9bf34a24c8c9e305d65aff523ea10a780be18b5

SHA512
f5f252f69869cc6ef0000e4ac55089caddfdc03d3fce2aac7b299cde8020425c3dc35769c96e368bb9243f3059f55b7e8c748ed9a18b4b22321849392d46fb90

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db

Filesize
20KB

MD5
f0b6bc7f614bd4e7f218a5a00216405a

SHA1
34b7b630b5b258720b73a5f105f30c624782df21

SHA256
f11e5948bee78f844577aed1503896fb0af866aabaf136e9708060809040138c

SHA512
32c9eccbfc543649f1b2640b4369451d0924125b5f329aef8bc1845f6514f36478038edc23b083fcc0522897a8a575981332519f5068c7dfc71247675f634fbe

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db

Filesize
32KB

MD5
42e7ee941467f276d2a78847ca46874e

SHA1
6c8b401c016854184ccb41d15310098c92b6b7be

SHA256
a326508deda5a23238369d45503fda0b29478aa93da8214a6bcab267d8e6b232

SHA512
ad7bf05d20eadf3213aa45a23951c0210112f458038bb6efbc130af9fc8f08dc1c422e4bdbd418badba218699f34a6f922e7cab0a7df11cf21ca471711255c9e

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db

Filesize
20KB

MD5
d8452f9ab3b849d6091d26324c8a2fb2

SHA1
b2cbe97403f2e26514b1acc91ce769c90affdd05

SHA256
c05ea378065697854964f5a104dbf9cadc9096516082f28eef8db66bcd66ca07

SHA512
416da21576826be12383885dbda27503be7684f64d0c094bbd4bfbd1a3d6180f0ff76454aeeff3b414f8a8875ec776f9577442e918f48d0f76939b5287b86339

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db

Filesize
20KB

MD5
232699140328ab9a4b43368200929bd5

SHA1
904033c309a6936eb08f980c0f747792bcc4efbd

SHA256
d935b23b0b6078dbb7846b05441b83d5c21da3000a6bd3f29806e25f02c96a65

SHA512
60aad107644fe24af98e2ac215e3d9a5edeeed60f3944091102e3ea2417d8d0632bae10ae0480bdf51d52bfa09a93d3e102aff65c61a98af30271a1e0ef49298

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-journal

Filesize
512B

MD5
6ca2efff26d293d5557c80f3968296f4

SHA1
64a8685012711378eb9cd5cf3b906d43f0683c9b

SHA256
3675fadb715fb8d10ac6374a653b7ff9166928ffe56d22e5880283d4b96803a3

SHA512
df7453b34e07740b8ee9a12df241cca598ee7b5c3ca925a1fc5c6f57463657348700747e5646a2dc6b2d765467410eed43210ff35cdbe3303125a30364bbe096

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-shm

Filesize
44KB

MD5
df441b4481f56b0126356c5466845c44

SHA1
096937c08640c94252b6cdb1c2c1bb53730f43e7

SHA256
f98c7b36fe5e1966ded37348956adab02385287d32b11d6eac865b94aac4d952

SHA512
627bf66ffd2770c320df2750a536b1f549992bd43487564ca23ce7346c42c8175687c2a2b0a73e7922e2e1709a1fdff680de99a45222328564bb33a73f9ebc53

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
ea3f6ae2b12679a0e1918b4ec9b991e9

SHA1
403c902bf062243837f191f1e6e2a95840df0186

SHA256
d9945e4ba49d3f1a12b7b126752ae677437060db70441fb67f7c09a5ac811719

SHA512
86d337804879b947935e99f94bf5841cf9f422c6103eea175b07bfd2c295d4cd6e3d9a43c42bb1fd6b3b0c1351835c3b8f46a7d0898ca588652b66d6bbfd218a

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
bf70f83ad5b27309b1c4422882647ad8

SHA1
4c22c3e077351dce5c047cc11f0e842a4050b3ac

SHA256
2940e333b4841ef218e7ce550f3fa9ff12cf05b4ff8a542bac662afa41c43d3f

SHA512
9296a1558bbe5ff7bad4b2320839ddc2eb1718cc7b48527f474828803e305d5454615009ab1d957441175b926a9ec23bf0e5d046c573994248f83e8602450f92

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
f9027ecb60401d31d7d875833b65faa4

SHA1
c137f1de2e9a524cc6c7c49b4b3e859775ba890f

SHA256
78dbf527c2484f1839e982a8ca46ca696321d6cb6da1c9728bf86ff7e0be1bb5

SHA512
4e77e8201258bef968d1ffe7575ac43baef304810beb9f5985746c9bde9fca4a5e105a2e027d5c6b1f6492e6855a1ebecdc69476d773e1ee5687fa42d303e172

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
8KB

MD5
607cddee84bd35a64a98d79c86a1eb57

SHA1
c4d10803f879a329a02fe2d7a022ba36cf6f5450

SHA256
220c69ba7be8aaee632ba86c4f7854ca701a574a5d21197a24f14e795bf87bd6

SHA512
e62298b0407a6613172f3c06a997c2eb43f325f1cef991689f470c64d3301390b026863579c4aac6e8393d4389ee94f6e9c438b9c131813656b147131b002fbc

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
dde007f020764e22b7c1954584c241fb

SHA1
09d9c395a36ea919d31a55ea9afbd34735159975

SHA256
9f7064d1fadc8fec8d922951cc75b11edb267ef7bda8bc507a12e264d2f5510c

SHA512
8d2fc11ec966cd51a9e6e7d1d5af82eb25e4b42e5f5ab3ac364b89c3c43108df247d6091467aa4dc7c896c7ebd29311a207e411870e4d24e61e6d9f7158358c0

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal

Filesize
32KB

MD5
9c8d5ceef9f14af847c1b4aeca088ba4

SHA1
6e9e46eded14714d2005fde46170f40b49d41964

SHA256
ebb12796fe9a539e52783e6db26fdc1bd3c42076d34dd340d4dc26db4775971e

SHA512
c35e6184912187814cd9a97a382e310b3ce645c0775b23bceafe5dbf76d8336e4d85532285a70d2b643985545493a492f938ded32adc6cb041bbd59f5d427d0c

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_data.db-journal

Filesize
512B

MD5
d7fed1b8ce8ba6ab6966d0d3b37c52b3

SHA1
3cabd771a09cc23c4f72bfa9eed28f79a8d619f0

SHA256
a6a0cec6a79611a9b7d5ae57cb8e350cba4c9c5beb7504e7db31000150ef01c9

SHA512
2098077e89defdf9d2145158cc99bf79184737fea5582f65dfd8ed3f6cfce54a8edd5d9f7bc55ac0cf16c7b32b07bdb4a1a5f7c5a25fec84b88d2a5ec0b42aed

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/uuid.dat

Filesize
402KB

MD5
0b2cb3adf2cf7643856995358eb1d683

SHA1
f09aa50ec6cf6d8fc0cf50ff87d47c6e621c9765

SHA256
4bba6cee0692e6114c84e1b107def73bf600147243659b6f9908873c77227d55

SHA512
37f021f9eaff95f894a8bdca1a811671370e581cd6a66fc5cf4adf027df9a36aed99a0bc5fc4cc3f11b36e9f42418d0eb11527bc14059bedc968734a1bbebd2c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads