3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450

Analysis

max time kernel
9s
max time network
154s
platform
android_x64
resource
android-x64-20240611.1-en
resource tags

androidarch:x64arch:x86image:android-x64-20240611.1-enlocale:en-usos:android-10-x64system
submitted
12/06/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450.apk
Size

720KB
MD5

5d93fc584a6a1965b1084e1ccbb05f0a
SHA1

b7f6dec62e0b19ee8408e346ea78e08dc748479b
SHA256

3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450
SHA512

8d01662725606f58c81acf85e8eb1bdabc0f58e4c677c05f4d27a158f53f6ace5c1f882d833236f17aa47beae6f8b08730f144e73f791186b4eec1f8376cbae5
SSDEEP

12288:4Y7m3eTXBpr4PW9LtSPDUw4gpim/F+8QM10kMAbHduTxvycjbyS0M3vxMbU:4Y7m3eTBppi4w4gc+Gc0kpbHduYKz0gJ

Score

7^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.ku.installer

com.ku.installer
1⤵
- Checks the application is allowed to request package installs through the package installer
PID:5163

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ku.installer/files/profileInstalled

Filesize
24B

MD5
be9b3fc2c7b45cbbb42da8f386e09bae

SHA1
43b4e966ec3cd309ed04f3b6d3d30f08bb7f5f7c

SHA256
472525d88f05fbb19b7b173a24c42fee9cc1b866a9c03a93b2228ea350ecd923

SHA512
e9fc81703aea2d4c5129c11d7525f39d210dc4f053f9b5f0d19962c943a7cca1a1268bf3e2f1a4c74f72f3d8bee8611693fd95e66539cf841a779752ed6a378d

Download Submit
/data/data/com.ku.installer/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
3c1edba963605b1f4b531bc1c3ce3a20

SHA1
05500a9a9afdab47f247afd5f5981380e4c839a3

SHA256
97ccff738a1d90292aadf534b2783836d291badcf99ecbf2dcdca4a0fbfc4cd2

SHA512
0d7575aed1218785ccd29734bd52d206640ae8da1656f4ef801521eed0a19af09f0273b530a48976f2cd9dbf8965e99427916cd996278b3508a3e2046f907d24

Download Submit
/data/misc/profiles/cur/0/com.ku.installer/primary.prof

Filesize
465B

MD5
99dae73367e6bd284891b60b3b26c2c9

SHA1
39a1f61bc8caf06c1d47846064d352261fdd37e7

SHA256
857c4f52b34f6c55e84e98b8c45c506b3bd3780bb84b7c30a043c9005465e314

SHA512
6b4a8d853e771dfe7cb3c219e2e1c5272b4e92959bcb3ed8dfdb11eeda39adb88d0506e570f27ef3641e68537686c8dd2a6accd51f867d347fb95093f98e0552

Download Submit