e75af86214947ac6c0f151173c76eb00f23f26ba71564b3a8beca28245695723

Analysis

max time kernel
18s
max time network
162s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
12-06-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KWGT_v3.74b.apk
Size

31.1MB
MD5

1ff8e528d5996e04bcf97d6802c8a293
SHA1

8f4ff17ba085aa3a52176d6af17cf89ea21f8c3f
SHA256

e75af86214947ac6c0f151173c76eb00f23f26ba71564b3a8beca28245695723
SHA512

8b7fc24d16ed0f307c52abd00e4a3040743a9627fce2c0caf02432d69060c8498e05e9956a3230600a39c5d76b5a7927b16b699b96c2c4ae9b5bbe048b5b42c6
SSDEEP

786432:6FtX5+prflh09k2k2kRCusUS/+P/PmdWkawUwvheJV79FaRVf:6TJ+Tak2kxs3bawfUJDFa3

Score

8^/10

discovery evasion persistence

Malware Config

Signatures

Checks if the Android device is rooted. 1 TTPs 2 IoCs
evasion

T1426

Processes:

org.kustom.widget:editor

ioc process

/system/xbin/su org.kustom.widget:editor
/system/app/Superuser.apk org.kustom.widget:editor
Acquires the wake lock 1 IoCs

Processes:

org.kustom.widget:editor

description ioc process

Framework service call android.os.IPowerManager.acquireWakeLock org.kustom.widget:editor
Queries information about active data network 1 TTPs 1 IoCs
discovery

T1421

Processes:

org.kustom.widget:editor

description ioc process

Framework service call android.net.IConnectivityManager.getActiveNetworkInfo org.kustom.widget:editor
Checks the presence of a debugger
evasion
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
persistence

T1624.001

Processes:

org.kustom.widget:editor

description ioc process

Framework service call android.app.IActivityManager.registerReceiver org.kustom.widget:editor
Checks memory information 2 TTPs 1 IoCs

T1633.001

T1426

Processes:

org.kustom.widget:editor

description ioc process

File opened for read /proc/meminfo org.kustom.widget:editor

ioc	process
/system/xbin/su	org.kustom.widget:editor
/system/app/Superuser.apk	org.kustom.widget:editor

description	ioc	process
Framework service call	android.os.IPowerManager.acquireWakeLock	org.kustom.widget:editor

description	ioc	process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	org.kustom.widget:editor

description	ioc	process
Framework service call	android.app.IActivityManager.registerReceiver	org.kustom.widget:editor

description	ioc	process
File opened for read	/proc/meminfo	org.kustom.widget:editor

org.kustom.widget:editor
1⤵
- Checks if the Android device is rooted.
- Acquires the wake lock
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks memory information
PID:5260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/org.kustom.widget/databases/com.google.android.datatransport.events
Filesize
56KB

MD5
e567eaadb5d0ef3a0f58f328a7ef5553

SHA1
c1fe4d6d4c39812f18fce30c1a23dfe6e9e7ba96

SHA256
267f906826627fe01f69278f899ef5ac7694fe8f8d73a66da9ab46a0325fa6cc

SHA512
cd48c0a2125efa02dac145837bdd9433c792126d61f983492b4cdea5f6498acdc5660c1f606ee4ae912ab765212c38599817c2db7faef1a70fedad1f3a031813

Download Submit
/data/data/org.kustom.widget/databases/com.google.android.datatransport.events-journal
Filesize
512B

MD5
9dc521bedf866e18c030ab55dda62184

SHA1
284c970e5fcd9f2a6a29ee72a23e14937e8764c8

SHA256
cc0cceaa5e56f2388bf8c8ea7c3a9ce4a6432b9595388b283a4a507b36702247

SHA512
e1876a090296aec9999104c8a9bbd307f0d71935c529fcb65214f0307173ba8d3a4e4844a76c3cd5446d32a8815910c84ec5f0a854c547894ac626dd8db8883d

Download Submit
/data/data/org.kustom.widget/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
0c589c4770b66792ec609f837a1d0a70

SHA1
e86dce1b67873130471effe62cac6f01222de860

SHA256
409adee614562e8e135af616c206693c38c766fbc262ccbe5f4a44137daa7013

SHA512
4403c61142648d2ab6e6f4c54cc259b28ece01a5a45ac132716b032bfc7c13a926b9a93b437f1171384dcbf4273f470a156747c071231fdd3faa7c9290cc1f85

Download Submit
/data/data/org.kustom.widget/databases/com.google.android.datatransport.events-journal
Filesize
8KB

MD5
76f7fbe468ad3d07b7ef84b4b5a5550b

SHA1
a979e2a25e5e1fcbb628eb8e61a48925095cc5d5

SHA256
554426eebd1f18fbc6fba480c35b18ff1693ccc644d144d223cfde3820085d2d

SHA512
fb6eb0adb8626ae26f426a26a64bf4c4431427a1dfb1f3b45963fdf6d445c5cc825e5d0e8bc8b6c85e151e701779e16752b529535912964abb5d726497231669

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
c756d29a2a8a2d14f7ab312ce8a7a27e

SHA1
5ecb5397d7342f5980dec46ba50998c889a8f878

SHA256
dac179f7170e7760b8b6cafbd24989ceb51b82e1cdce10db321de03bece00674

SHA512
248b6b317ad45f3facb97a6b5dd668f9298d3587f6f4a5bfeaa0729fa2d1da8c09d244b95b5db4abb19a7f499fe02699ec39a400718397fbbac73cae1cf50ffa

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
064cab7679ce730116cdb3b390897fc7

SHA1
d3ad5dbb9b5ad6b74f472dfc5c2b860a53899507

SHA256
199899547f15e83658a225966ec177539ed3a4966bde59f9312c4b5613a35624

SHA512
d76f981cd681ffc1205313ced0ba36a441e22f9532ce9c90542adc0f8125543897b4b326b8860a9dfb9e13e08832915c2406e42962cc64ec4f3cad4a0d411253

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
25015d49318913b24ad2111a96176ff0

SHA1
733e141272ddfbaf55a616b35d62f286f7904c2d

SHA256
c2239bf391e0a889087831a23b8952a62285cb29ba3f936bdc21476f41995d8a

SHA512
e8ee6cfa554207c9a25157fc04e5eda65e040ffaa5766979ebdd3ad5b7016ff99da7e5508c38af46c1e9207f313acf378f5f3e6a3f1dae585a60a34583f184a2

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
fc291aecc6861cb954b4486f2fe03ac3

SHA1
c943c701291d03cf3cc824d9d87f14887bf89643

SHA256
1f1b15128dbf1dd6fe4b2a122b69dbfa8438c4e32ae714bd1ca238750bc043f5

SHA512
957a194aa0988af0e66fcefebf9fd4668fa4cd2b116a4bebeaaa48e1d4580dab994e983af12ab95a49047538b727f688b228748c359e5cee6c32ad312564bb2a

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
7436c7d358b6fb3b3b91d5ac20156fc5

SHA1
f12d16216671f3e683e8c84ee99cf2f4069b6ceb

SHA256
1611a164aca46ef632917d098721221fa9c46e25ef1fdd2bd4ceb34263946083

SHA512
ece5e663406a5342b6746f8c8b66c0ce7737366715bcef7c2d6513f914298c708bd81ecfea72ad612746fe630533052f0dc087cdb5f9ef70086d6fefe21b98e1

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db
Filesize
16KB

MD5
6f80c720174f59e408694981b8f0a5b9

SHA1
6f496d9f74e2dc90cefe1080e8b84ee57736d36b

SHA256
d76f16ff5330a8a1c9fe6d621e5cc349fc0ee4a095acfa1bb4110b6ea365bff8

SHA512
24677ce1546e6b62a2a14cc2b3b24e99d326551121bab004af31f5359ae6e6df8aae73679c274700243c35fdaeb97d1670f5693902116b27cefa3db6ca6f76c0

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
d17d6b664a9ed63a5dca3361c8bfbc81

SHA1
f4bc095c9ea8a79c27a07d218180fa30a2de118f

SHA256
f5d76a7d479ddd07c272a56c2467d4c2de7614a0c64d1c220a89abb5df70665a

SHA512
fe7206978e8f644e74845009fcada514276281b19ae3ccb042d2cb49eeef89a2a0cf5ab5fcbc9ed3ce23be289dbf8e93f75803379ea0c5248da27096ffac7c8f

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
bbfdbbfe2f018c6577780391da1945a7

SHA1
b5d92691d013fc8abd16f8af2afd36937576f138

SHA256
b2d989d40d1740e606a17f69a34e702f5c26be0deb5f930a0550abd73ed7b380

SHA512
41eb247e266f705c2d81246066a20a4a806f7ca25181bd5426433d5b15d0c12af87e5b540bbf2a69a53444a80579a11337f02ac2c72697454ab46dbbac05bacc

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
18c27a31acbf2806827086c043ee4b5c

SHA1
f4e232126891e6448934f0fdd4bbdac408db857c

SHA256
fa9e6c53e2db2c967f89ba6a6454cf5407553513129d79956d31933d6fef04d5

SHA512
db69630db66d6d0723d52132192cbc4687c8b9b84fc43b5f615e72775b2cf43d8b6f931387d344a3dc1b8f623bca04b8440296e624e3884324ca0771d294f5ff

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
c29fc4c1d168aa7930c8e8b743246b35

SHA1
99e45652df9c80c7338dcc50622d0929a3270450

SHA256
42f9d5db3c06f8fdd78868ae840c1e3cf9d30fdbd8cafc060f870e14bb2e4c6e

SHA512
25ba616c12b264e59080ad29da1bd3a46019f8362ddeb60c04445fb8ca8454c0bb02c0e43966d00660560a8ab0ecb057596bb7918ece1f7b12555b94122b8e2f

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
db61c15b612d0e2ed0d6ef2da64583c6

SHA1
a154a57aea17478566230c6b58d43eb3baf67c4f

SHA256
95f990430446c077232d6247d359ac038f8e199e702efb1c479239265a83bb5c

SHA512
f5d48259643aa8147f9dc2bfcfbea1236ca4bcdda066a39dad6870829ac1fb48b6b82edfc61aa73c9a4f7b0b6a9321816455d8d6ff80af2fea38d33328fbd25c

Download Submit
/data/data/org.kustom.widget/databases/google_app_measurement_local.db-journal
Filesize
8KB

MD5
38acb6549cafff42fc51b91766eb0230

SHA1
956695467f14f3ee1b2341d7867db10f00845515

SHA256
81ba07630604392880496834316e99c6115cdaed48c214fa65ede9616d8428e7

SHA512
982ea7b3c90ed230f13b221eade98ebee2b559b580ce46ad2f876156921884cdf2268cf806c0604d8eab989d4b54b3448a10c5f04ae325bf759f1840ac3ec39a

Download Submit
/data/data/org.kustom.widget/files/.com.google.firebase.crashlytics.files.v2:org.kustom.widget_editor/com.crashlytics.settings.json
Filesize
713B

MD5
98acab3691abeaf80e5bf8eb1fa160a7

SHA1
d385a341bd4573a48c7a2c01f09c4765a53d687d

SHA256
02be0fb8df085b2f68938e2d695bfaae4075a5912c6e212ade59d27614ef955f

SHA512
9060f8b13d0e40fe64670024fc956d2312821e4b89d967fbb2cd230437b6bd28e94aa2a4c72ec927e71ced6b919a3794d7cda6153086cf495958b90c7910f545

Download Submit
/data/data/org.kustom.widget/files/.com.google.firebase.crashlytics.files.v2:org.kustom.widget_editor/open-sessions/6669B7B600700001148C06E791A793BE/report
Filesize
769B

MD5
c77c2aa36dfd1b3928e63f2fb1f1513b

SHA1
4367638d67ed7b7b8820560097419ec81666cf6f

SHA256
f9ee9a7e981979a3b8abdb302b64cb8eaf45b60ee4d3de0a279ff4eb91950450

SHA512
2b1e332c7c4a2d385a8c34ad3dddc93ff4f7c2e0f0ef1f2ad3703698f062630876d8494bf1d39f6e5581ab926bc38fe118eff2e06d594a72377fca2e095078e2

Download Submit
/data/data/org.kustom.widget/files/.com.google.firebase.crashlytics.files.v2:org.kustom.widget_editor/open-sessions/6669B7B600700001148C06E791A793BE/userlog
Filesize
1KB

MD5
e101e4b41cdf59173f0baf5503a64da5

SHA1
6a8dccb4b5360e89a85b6848a7704a8722f9a990

SHA256
2c6f4eefe32d2e891c583462ee20f4de6f02e6fa2b2b83d3c4431ee633e27060

SHA512
534871119d4b802bdc35b39edfc132a30a5ab4b6e562746ad1fdd590237e79a0323688b95c2403c566a849188982f06137b8e6ea35176329b52e520a2f29a611

Download Submit
/data/data/org.kustom.widget/files/.com.google.firebase.crashlytics.files.v2:org.kustom.widget_editor/open-sessions/6669B7B600700001148C06E791A793BE/userlog.tmp
Filesize
16B

MD5
c33583fae4e0b61cde1c5b9227963237

SHA1
fe2ebe4d27469af1460f7e852031a04208ef629b

SHA256
35c6d6e5b93657e4a741a1cec71c21813fe05aab219909ebbb0f62fb0ae648dc

SHA512
fa09047004bec791b23f0dade0b64f8ab9bbd67555505e0d0818f6e89dfe56f474df80db0786d081d36adf23a5bacea40275ba043444a3a85d3d9612575bdd1e

Download Submit
/data/data/org.kustom.widget/files/PersistedInstallation7051897724930528627tmp
Filesize
90B

MD5
0f9bfa42f132694053deb4d0430420a6

SHA1
f9dfc8c3c0305b9c8a765762ee3d713ac904968f

SHA256
2f1b64973dfd7397b13a91951b768a601935c4011b7866a3ea771ea678b7d87d

SHA512
b3451e34c54b9a9e00376e0977f66c2422ac6aa1a385ffccb112d921179e7666c02303cab752259e5c94e4c59a7371dd64d2a12d5619632b4f138e8d8f3bedec

Download Submit
/data/data/org.kustom.widget/files/PersistedInstallation7085661805923718694tmp
Filesize
561B

MD5
a4db0847e94ef5e18499797a1aee0dff

SHA1
c9f7998e1bcd17f7133a65fb6b7db98514703f25

SHA256
5af0eb4416a0dda76ba6c5d21785be63867d895a3f972a21e4a7553283f57ff9

SHA512
bae0f84b9372508b262b6f5ef1dc836ba206ee486e1209efe15ca710903a495030a4d034cfa4893d820d5790d801033844adf775bd9bcf8aa3df81fdc85c9289

Download Submit
/data/data/org.kustom.widget/files/frc_1:415510900161:android:b9af1b0edbcc3626_firebase_defaults.json
Filesize
57KB

MD5
a8fe71e4c3a36d5d4af1a86321326deb

SHA1
4f0229b1ff96af447505c0256a1317fc8067235e

SHA256
ffd4dca7e58fbee4ac30c37efc1e5ac0470f6924bef9b2517370a071971364f5

SHA512
f1f2872514b7c8f40c8941d1097ab46240eb03eda59ca0deb95e7801222d05ac15dbe9bbcc6554e0dd6085e1968f14c461881e3901cb92dcbf0e1fbdda29628d

Download Submit
/data/data/org.kustom.widget/files/profileInstalled
Filesize
24B

MD5
162e9c02331fc2169c3c3a4f26b675ee

SHA1
5c37ee55ff2f15c29f156f897ad21a3fdbc1642c

SHA256
a1ca62ebb815213b283376c6a84ffb6605176082708488648847f4d95f8ca93d

SHA512
3ac682d16bedf960ecc5007c41af53dd66e67081373d9fa57c08d0757e9f44875c4521dccb1d014988c411c1ccbdcb6d13cdbae7aea84fa1e50cc4cbfe5ed8fc

Download Submit
/data/data/org.kustom.widget/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
Filesize
8B

MD5
c41c905b55a74abbf46fa1adbee4a212

SHA1
cd1942fdf84b28d70adefd459d0b090365129557

SHA256
69fc8066798448c8a3a275309bbbb2351677271d469b9b9ddf964b9a8ffc3fd8

SHA512
271a21f84b8b1e0394d21cf0c6561bbd402ae662a0a75192001b7239c9bae5aa90364f8c2c3b1018144dd32f29905a4cb11489fc17cbef683528f33342e44f9f

Download Submit
/data/data/org.kustom.widget/no_backup/androidx.work.workdb-wal
Filesize
160KB

MD5
2dd7610fd89ebfd2f964e81df15cd811

SHA1
86cc40a82ccbb585c16197c0b2421be5ea38b99d

SHA256
b9469cc10bfe61a773011c7280a3e796c7531ecde965e5eaf7c210796cf68e95

SHA512
57e0598c9047f5f8cdd64d783c7024ec4b2325a29e783f44c2ca6d570148dbaa0aa51afd151f608c8bbf0a2c2972d539ff77ddc6591600c34d2def7a2410709e

Download Submit
/data/misc/profiles/cur/0/org.kustom.widget/primary.prof
Filesize
12KB

MD5
3a0a7d2dc82b366dddcd339259746e4e

SHA1
926d3022a0f83cbef31df219b68b4b242ce9e4d0

SHA256
134458ea5562e28f28ec37ddbee832d4901c91e63ba82ec3b27744b04ae9af1d

SHA512
2de2b1edb63340f6ed997f679ac7bb9e6391cbd42a3d8f9d37ae41e0ce3e9b7bd85ce32fa6c6c20ab315f02ddc4fa9e2c34f0f988ddfd9738f701e846564b53e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads