4995801ec6eb570920a9c9541bfd04ba6828746327423cc4884d5a9cb5d5b2b2

Analysis

max time kernel
179s
max time network
157s
platform
android_x86
resource
android-x86-arm-20240514-en
resource tags

androidarch:armarch:x86image:android-x86-arm-20240514-enlocale:en-usos:android-9-x86system
submitted
23-05-2024 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Danak-v0.68-qa.2.apk
Size

8.7MB
MD5

0613b94a057a87b1a2f9ca7df4ffe1af
SHA1

2fbf3c47f31b0f4f61691d49ab8dd8bd499effcd
SHA256

4995801ec6eb570920a9c9541bfd04ba6828746327423cc4884d5a9cb5d5b2b2
SHA512

285d50ee64c444dbc36392f7136d0e4516ab63b10c833c59d390fa842cb772a258ae767efa6d49752ec15f2ae5424cddcaee2f75e1ed496bacd49d2dadc6e079
SSDEEP

196608:mjr+rIzHL9y6nQxncZPuaisclubF5HzmdHy+RHer4CP:S+UTLgsQxnquT4bDcS78CP

Score

8^/10

collection discovery evasion execution impact persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

org.kcis.savadd.child_fa:Metrica

ioc process

/system/app/Superuser.apk org.kcis.savadd.child_fa:Metrica
/sbin/su org.kcis.savadd.child_fa:Metrica

ioc	process
/system/app/Superuser.apk	org.kcis.savadd.child_fa:Metrica
/sbin/su	org.kcis.savadd.child_fa:Metrica

Requests cell location 1 TTPs 2 IoCs

Uses Android APIs to to get current cell information.

collection discovery

T1430

Processes:

org.kcis.savadd.child_fa:Metrica

description	ioc	process
Framework service call	com.android.internal.telephony.ITelephony.getAllCellInfo	org.kcis.savadd.child_fa:Metrica
Framework service call	com.android.internal.telephony.ITelephony.getCellLocation	org.kcis.savadd.child_fa:Metrica

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

T1541

Processes:

org.kcis.savadd.child_fa

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground org.kcis.savadd.child_fa
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

T1421

Processes:

org.kcis.savadd.child_fa:Metrica

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo org.kcis.savadd.child_fa:Metrica
Queries information about the current nearby Wi-Fi networks 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current nearby Wi-Fi networks.
discovery

T1421

Processes:

org.kcis.savadd.child_fa:Metrica

description ioc process

Framework service call android.net.wifi.IWifiManager.getScanResults org.kcis.savadd.child_fa:Metrica
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

org.kcis.savadd.child_fa:Metrica

description ioc process

Framework service call android.app.IActivityManager.registerReceiver org.kcis.savadd.child_fa:Metrica
Acquires the wake lock 1 IoCs

Processes:

org.kcis.savadd.child_fa

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.kcis.savadd.child_fa
Checks if the internet connection is available 1 TTPs 1 IoCs
discovery

T1421

Processes:

org.kcis.savadd.child_fa

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.kcis.savadd.child_fa
Reads information about phone network operator. 1 TTPs
discovery

T1422

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	org.kcis.savadd.child_fa

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	org.kcis.savadd.child_fa:Metrica

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getScanResults	org.kcis.savadd.child_fa:Metrica

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.kcis.savadd.child_fa:Metrica

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.kcis.savadd.child_fa

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.kcis.savadd.child_fa

Schedules tasks to execute at a specified time 1 TTPs 2 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

T1603

Processes:

org.kcis.savadd.child_fa:Metricaorg.kcis.savadd.child_fa

description	ioc	process
Framework service call	android.app.job.IJobScheduler.schedule	org.kcis.savadd.child_fa:Metrica
Framework service call	android.app.job.IJobScheduler.schedule	org.kcis.savadd.child_fa

Uses Crypto APIs (Might try to encrypt user data) 1 TTPs 1 IoCs
impact

T1471

Processes:

org.kcis.savadd.child_fa:Metrica

description ioc process

Framework API call javax.crypto.Cipher.doFinal org.kcis.savadd.child_fa:Metrica

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	org.kcis.savadd.child_fa:Metrica

org.kcis.savadd.child_fa
1⤵
- Makes use of the framework's foreground persistence service
- Acquires the wake lock
- Checks if the internet connection is available
- Schedules tasks to execute at a specified time
PID:4314

org.kcis.savadd.child_fa:Metrica
1⤵
- Checks if the Android device is rooted.
- Requests cell location
- Queries information about the current Wi-Fi connection
- Queries information about the current nearby Wi-Fi networks
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
- Uses Crypto APIs (Might try to encrypt user data)
PID:4372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.kcis.savadd.child_fa/databases/danak_db-journal
Filesize
8KB

MD5
230c9af32833acf68e152322526586f5

SHA1
e2185ce2dd05aebb218fcd872f6d120454155f32

SHA256
783a586f57fda0187ca3af4ad6ad37edd02d28fff726d0f202c2b1b05737b4a1

SHA512
bc31abd9755ab15697b29539f7571ef7002f65a0bf96a6d35de394fe573a9e919b7a2ba625ebd7b995dd56d0b7f671b02bfb8ed6129f32127b3e46abfb596558

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-shm
Filesize
32KB

MD5
c2cab80b9adbe29df567dcf474d58d16

SHA1
c4c15c3c04460c9540c3184270faf6fbaaf05bfe

SHA256
38ce77fd65b7324d17c4e963c90afb5c0114d792eaaaaa50e078d94b713c556c

SHA512
0abb063607a21bc6a9d93d7f5d82bf4be5aad8ecd903651cf5c4be9eb7d8cd7954dea4e2a624a03504e3a822c77de2a15fcca4fde5fd60487e22f733edf4f824

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-wal
Filesize
20KB

MD5
ce381e3905ecf94d59de44ba72d3fd97

SHA1
440c53f52c14e317560e2dfc668437c678082114

SHA256
79af147cf2701b366bf458b093984e63f8c2a914c47c84b43bf69a853bc084ed

SHA512
699c8593e4a2046399b4b0be4bb92d62738cf24927b735c5dff48482eba6afc00137a709a622ee3005a13de68cba01215e8b799de37ff73d8bd8143f2b323296

Download Submit
/data/data/org.kcis.savadd.child_fa/databases/danak_db-wal
Filesize
64KB

MD5
4a1a4ecc9ebf4b1683e739adf8643992

SHA1
a70389caece8290874301592bc08d77917e073dd

SHA256
f523b632536b06fcf73fc78859177b9148c6e4274ec4941858aa25499498fb55

SHA512
6c9e45fb1f31bee0878c45afc57235c601cd8ee2aaa9a73b52d875b20b7d0bed41405993105f18e0ff73a31ef73f76a1d64301d11520545b90be3aafa994abdc

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb
Filesize
96KB

MD5
c4981c852403234f916c7296688b8ad9

SHA1
a79937d6aeceb260eefc5a448048bdad205274fa

SHA256
5d1fb2944cfa5a5ae35dfc4979d85cd16158211143b332204c558ca650c3c695

SHA512
492876a12c85f27d18d98f3126b55e9b90950d4b835c5e43f8a5c2c086d26f1a67216225074b418f71c3c424e93e9b67f363b23ec59ce8c0634c68ec6696f38e

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-journal
Filesize
36KB

MD5
dda3a691e96ae8e575aaebe8afbf71bc

SHA1
cedeabca9d6bdc48daab7203626f590b79045564

SHA256
e552599a826dd8212074cf9c8050657f13f3d87a8503bc4156a36b511359dc85

SHA512
096d772ad4bad2e25b54c486692ffbfcb2b8e8be677a539f361c1c7c4136a086b43e4eddbc3461e1e1c601da47ea388b354e10403328ff0522e259e92a0f5d46

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-shm
Filesize
406KB

MD5
1d5bac8a96104ed004920e713e333b13

SHA1
9205ee95ce555518bcfe8a044e7459ada76eb97b

SHA256
362319864f84b8ae4b2d88af993aedc3d8f2967c5b0868dac2e89ecfbe93ed4e

SHA512
81c26f61dd6192a04730798e5efc59edcfec4eb143dec37c480b3c4033a8b9ab04d587b6a2b243a415bed2a14fda331705f7443dbfd8a99da1ce24d5a17c7006

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal
Filesize
16KB

MD5
5e52227a1ae878d99c715d851888d344

SHA1
1f0480677c6a427d3bbc46389af565b3e08c5807

SHA256
9ca55064d0a56ded73725e1ca4c5eb14e001c402c31a140302cf23f8015b01e6

SHA512
6ef976c35baa3feecd571d21371e030b15773df4788f3c3cc727ece020d8e10590fa00f4dba08f5b442935dc41e5877733fab70c9e9cf1f720d9f60570180348

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal
Filesize
108KB

MD5
0200d08b31e4c74caf7b3e932739162b

SHA1
cbfad4845fae9a58b486317a1df9bfa99bb9e982

SHA256
830d72f596baee7f0dbb3f6252948e0edb5f6cdb7933ba5b98ab9a4a11661151

SHA512
8ff5ef6b7bc0aeac4b81f81742e104ef6fc0219885d8ec02ada12c5c29bb657a0991125a4dec1817680e25deba8a9ec35f5d1408e6584909f569911a67f17adf

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/androidx.work.workdb-wal
Filesize
301KB

MD5
035bb0a2bcb728580084ca09061e5ef6

SHA1
7d4131bdaa4f9f9885b936f4d4b3e2ce98b8816b

SHA256
47b2034f8f5f0704901bf08dcb9fb67b19959c3719005c1e85c794de99df7d92

SHA512
14d5262ed3e5b314e3e163229315662117e0c473a60d7b637b2c4ca3a820568b38c3574b91a0f6d06eba2a39c7c1fc55ed72f3caa38bfc4072ebabb41b3786de

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180
Filesize
36KB

MD5
f8f509204733d93c33154dc4e68d6ea6

SHA1
181dac25af61e9ee2dc1c1e6461c42c168d90132

SHA256
f7fd7b8b9710bbc9fa8f462f2ac4a1b1e0743b5682c62263747f1ade8ea052da

SHA512
65a028fe7fdbd429aef53bf5b44440cf9981a7e447c3831db8f9143a21ec0547f4ce0b54facc686cf427e103b1c6d15b083cc411383171185288f86f04411285

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-journal
Filesize
8KB

MD5
ddee73273427f98a7f6abf5eaec70bd5

SHA1
a202d8d82097a0ffef6d90a1e5bbdd3e71cc48fb

SHA256
57507ff08a4a98603913ff80882cb02a4bdb5936b109cd22cebbff90d6e9c676

SHA512
99c61fc1108a57534077aa7c717f9079e9e1b3040baa31c5529294ff1fe3aaf5b107b186de89f60028b16042804bcb65ee34afe8d6eb92c13fbde5143e6e21a0

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-shm
Filesize
410KB

MD5
4d951927afe2420f13c08c711f9fed94

SHA1
107cdd2cc15e41571b67720434f0e9f902bab445

SHA256
c4f9a4032ed9c5f85be384dae494178923156032b25e758166c0269015c17415

SHA512
20cd0c0199f5dec3102f4e757e238e1b619b90f466b1694a597eb978f5d92216be2dcf8bd60ae51da417be930aca7284abcf0c6d1022695acaeb29a25026de63

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/db_metrica_org.kcis.savadd.child_fa_20799a27-fa80-4b36-b2db-0f8141f24180-wal
Filesize
402KB

MD5
c50b16ce3c078e81dabebfc8168c584b

SHA1
c9333550df8988efa532a55529c1d63d6d4ec0db

SHA256
ebf19279c19de7ceec0b7e3301dfce0fe997a88dcb98a41b03ce4d109154a5ad

SHA512
b6095491812ff9ec01d75e863ee0df8934d17d445568d7b2bb6079ba3d209380b0fdcc346a7b90bd788c3ab37e4f8d4dda7a202bea4cab024378eb15d30f62a1

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_aip.db-shm
Filesize
32KB

MD5
10eb1fdcc9af085e9d80afc4312a4782

SHA1
e8b4b198a68326d77c73bce5f34ac8d461190e3d

SHA256
796fca6a179ea6227bd5fd8817596ee0310907c2e46e5c0b2f61ca2a8464e26a

SHA512
ad80ede2b278ef22fb5d680db6cd4138a949587824d884e57a6590785f4e5b6cc0c5d89ecb504d895c00c47c3b24d8ea758f7d5ef4e95d29cc31d2fc42d4e53f

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db
Filesize
20KB

MD5
9f64216b041f43304f3c6f4770c8e7d6

SHA1
30a2d0d3cb06bfa3093b425fb310f5099d3b2a0d

SHA256
3c5821c26c37dffaf90b6fe8e9bf34a24c8c9e305d65aff523ea10a780be18b5

SHA512
f5f252f69869cc6ef0000e4ac55089caddfdc03d3fce2aac7b299cde8020425c3dc35769c96e368bb9243f3059f55b7e8c748ed9a18b4b22321849392d46fb90

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db
Filesize
20KB

MD5
f0b6bc7f614bd4e7f218a5a00216405a

SHA1
34b7b630b5b258720b73a5f105f30c624782df21

SHA256
f11e5948bee78f844577aed1503896fb0af866aabaf136e9708060809040138c

SHA512
32c9eccbfc543649f1b2640b4369451d0924125b5f329aef8bc1845f6514f36478038edc23b083fcc0522897a8a575981332519f5068c7dfc71247675f634fbe

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db
Filesize
32KB

MD5
42e7ee941467f276d2a78847ca46874e

SHA1
6c8b401c016854184ccb41d15310098c92b6b7be

SHA256
a326508deda5a23238369d45503fda0b29478aa93da8214a6bcab267d8e6b232

SHA512
ad7bf05d20eadf3213aa45a23951c0210112f458038bb6efbc130af9fc8f08dc1c422e4bdbd418badba218699f34a6f922e7cab0a7df11cf21ca471711255c9e

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db
Filesize
20KB

MD5
d8452f9ab3b849d6091d26324c8a2fb2

SHA1
b2cbe97403f2e26514b1acc91ce769c90affdd05

SHA256
c05ea378065697854964f5a104dbf9cadc9096516082f28eef8db66bcd66ca07

SHA512
416da21576826be12383885dbda27503be7684f64d0c094bbd4bfbd1a3d6180f0ff76454aeeff3b414f8a8875ec776f9577442e918f48d0f76939b5287b86339

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db
Filesize
20KB

MD5
232699140328ab9a4b43368200929bd5

SHA1
904033c309a6936eb08f980c0f747792bcc4efbd

SHA256
d935b23b0b6078dbb7846b05441b83d5c21da3000a6bd3f29806e25f02c96a65

SHA512
60aad107644fe24af98e2ac215e3d9a5edeeed60f3944091102e3ea2417d8d0632bae10ae0480bdf51d52bfa09a93d3e102aff65c61a98af30271a1e0ef49298

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-journal
Filesize
512B

MD5
6ca2efff26d293d5557c80f3968296f4

SHA1
64a8685012711378eb9cd5cf3b906d43f0683c9b

SHA256
3675fadb715fb8d10ac6374a653b7ff9166928ffe56d22e5880283d4b96803a3

SHA512
df7453b34e07740b8ee9a12df241cca598ee7b5c3ca925a1fc5c6f57463657348700747e5646a2dc6b2d765467410eed43210ff35cdbe3303125a30364bbe096

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-shm
Filesize
44KB

MD5
df441b4481f56b0126356c5466845c44

SHA1
096937c08640c94252b6cdb1c2c1bb53730f43e7

SHA256
f98c7b36fe5e1966ded37348956adab02385287d32b11d6eac865b94aac4d952

SHA512
627bf66ffd2770c320df2750a536b1f549992bd43487564ca23ce7346c42c8175687c2a2b0a73e7922e2e1709a1fdff680de99a45222328564bb33a73f9ebc53

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
ea3f6ae2b12679a0e1918b4ec9b991e9

SHA1
403c902bf062243837f191f1e6e2a95840df0186

SHA256
d9945e4ba49d3f1a12b7b126752ae677437060db70441fb67f7c09a5ac811719

SHA512
86d337804879b947935e99f94bf5841cf9f422c6103eea175b07bfd2c295d4cd6e3d9a43c42bb1fd6b3b0c1351835c3b8f46a7d0898ca588652b66d6bbfd218a

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
bf70f83ad5b27309b1c4422882647ad8

SHA1
4c22c3e077351dce5c047cc11f0e842a4050b3ac

SHA256
2940e333b4841ef218e7ce550f3fa9ff12cf05b4ff8a542bac662afa41c43d3f

SHA512
9296a1558bbe5ff7bad4b2320839ddc2eb1718cc7b48527f474828803e305d5454615009ab1d957441175b926a9ec23bf0e5d046c573994248f83e8602450f92

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
f9027ecb60401d31d7d875833b65faa4

SHA1
c137f1de2e9a524cc6c7c49b4b3e859775ba890f

SHA256
78dbf527c2484f1839e982a8ca46ca696321d6cb6da1c9728bf86ff7e0be1bb5

SHA512
4e77e8201258bef968d1ffe7575ac43baef304810beb9f5985746c9bde9fca4a5e105a2e027d5c6b1f6492e6855a1ebecdc69476d773e1ee5687fa42d303e172

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
8KB

MD5
607cddee84bd35a64a98d79c86a1eb57

SHA1
c4d10803f879a329a02fe2d7a022ba36cf6f5450

SHA256
220c69ba7be8aaee632ba86c4f7854ca701a574a5d21197a24f14e795bf87bd6

SHA512
e62298b0407a6613172f3c06a997c2eb43f325f1cef991689f470c64d3301390b026863579c4aac6e8393d4389ee94f6e9c438b9c131813656b147131b002fbc

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
dde007f020764e22b7c1954584c241fb

SHA1
09d9c395a36ea919d31a55ea9afbd34735159975

SHA256
9f7064d1fadc8fec8d922951cc75b11edb267ef7bda8bc507a12e264d2f5510c

SHA512
8d2fc11ec966cd51a9e6e7d1d5af82eb25e4b42e5f5ab3ac364b89c3c43108df247d6091467aa4dc7c896c7ebd29311a207e411870e4d24e61e6d9f7158358c0

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_client_data.db-wal
Filesize
32KB

MD5
9c8d5ceef9f14af847c1b4aeca088ba4

SHA1
6e9e46eded14714d2005fde46170f40b49d41964

SHA256
ebb12796fe9a539e52783e6db26fdc1bd3c42076d34dd340d4dc26db4775971e

SHA512
c35e6184912187814cd9a97a382e310b3ce645c0775b23bceafe5dbf76d8336e4d85532285a70d2b643985545493a492f938ded32adc6cb041bbd59f5d427d0c

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/metrica_data.db-journal
Filesize
512B

MD5
d7fed1b8ce8ba6ab6966d0d3b37c52b3

SHA1
3cabd771a09cc23c4f72bfa9eed28f79a8d619f0

SHA256
a6a0cec6a79611a9b7d5ae57cb8e350cba4c9c5beb7504e7db31000150ef01c9

SHA512
2098077e89defdf9d2145158cc99bf79184737fea5582f65dfd8ed3f6cfce54a8edd5d9f7bc55ac0cf16c7b32b07bdb4a1a5f7c5a25fec84b88d2a5ec0b42aed

Download Submit
/data/data/org.kcis.savadd.child_fa/no_backup/uuid.dat
Filesize
402KB

MD5
0b2cb3adf2cf7643856995358eb1d683

SHA1
f09aa50ec6cf6d8fc0cf50ff87d47c6e621c9765

SHA256
4bba6cee0692e6114c84e1b107def73bf600147243659b6f9908873c77227d55

SHA512
37f021f9eaff95f894a8bdca1a811671370e581cd6a66fc5cf4adf027df9a36aed99a0bc5fc4cc3f11b36e9f42418d0eb11527bc14059bedc968734a1bbebd2c

Download Submit