3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450

Analysis

max time kernel
9s
max time network
132s
platform
android_x64
resource
android-x64-arm64-20240611.1-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240611.1-enlocale:en-usos:android-11-x64system
submitted
12/06/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450.apk
Size

720KB
MD5

5d93fc584a6a1965b1084e1ccbb05f0a
SHA1

b7f6dec62e0b19ee8408e346ea78e08dc748479b
SHA256

3d0905a83af9b9023dafa5e810c806b5c092e722e23e03729d46f04038fec450
SHA512

8d01662725606f58c81acf85e8eb1bdabc0f58e4c677c05f4d27a158f53f6ace5c1f882d833236f17aa47beae6f8b08730f144e73f791186b4eec1f8376cbae5
SSDEEP

12288:4Y7m3eTXBpr4PW9LtSPDUw4gpim/F+8QM10kMAbHduTxvycjbyS0M3vxMbU:4Y7m3eTBppi4w4gc+Gc0kpbHduYKz0gJ

Score

7^/10

banker discovery evasion

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Checks the application is allowed to request package installs through the package installer 1 TTPs 1 IoCs

Checks the application is allowed to install additional applications (Might try to install applications from unknown sources).

evasion

Code Signing Policy Modification

T1632.001

description	ioc	Process
Framework service call	android.content.pm.IPackageManager.canRequestPackageInstalls	com.ku.installer

com.ku.installer
1⤵
- Checks the application is allowed to request package installs through the package installer
PID:4467

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1632

Code Signing Policy Modification

T1632.001

Credential Access

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.ku.installer/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

Filesize
8B

MD5
0d7ef4564c15b06b60b7fbf8cbdf2f4d

SHA1
fa89e1f731c5f71e91f2f0f7ebda2207b444b4c2

SHA256
a41f7eef4c1251b745d99117cc36d268496597a7437541e11250a3a53a2eb432

SHA512
476a2d98fc55ea28175523de8e31e024e57e583e59e5dad4c385648c51fa4450f68d8d7738b6a98c4bcd901cb35ad3f6b155ac593abff8ca99b02bdde7ced104

Download Submit
/data/misc/profiles/cur/0/com.ku.installer/primary.prof

Filesize
465B

MD5
99dae73367e6bd284891b60b3b26c2c9

SHA1
39a1f61bc8caf06c1d47846064d352261fdd37e7

SHA256
857c4f52b34f6c55e84e98b8c45c506b3bd3780bb84b7c30a043c9005465e314

SHA512
6b4a8d853e771dfe7cb3c219e2e1c5272b4e92959bcb3ed8dfdb11eeda39adb88d0506e570f27ef3641e68537686c8dd2a6accd51f867d347fb95093f98e0552

Download Submit