General
Target: KrinkoOp.apk
Size: 5.4MB
Sample: 240814-cwdkyavejd
MD5: de099258fa67f1801cc3784160bc37dc
SHA1: 7e9e8f223a23e297d124550775ddbd47e5cb76d2
SHA256: 26f0a9ba3832d464e2b26ad4f30b0e431221fbb99081ec0c833fa00976446023
SHA512: d381ff7dc95c15e613baf6a0a47f8b6f4bfe1ba97fe89b03e8302ddc8ea2972bd1eb020eaaba3bdc37cac1d577cbb5a9ebe665745e9e3ddc61cfc0749265efd4
SSDEEP: 98304:9Y9gedMDQEiR5VKUAgR3Vuf7ymmd6Lg922QxroTUe0t:29g6MRwQK3OwGg9LPT2t
Behavioral tasks
behavioral1 | Sample: KrinkoOp.apk | Resource: android-x86-arm-20240624-en
behavioral2 | Sample: KrinkoOp.apk | Resource: android-x64-20240624-en
behavioral3 | Sample: KrinkoOp.apk | Resource: android-x64-arm64-20240624-en
behavioral4 | Sample: childapp.apk | Resource: android-x86-arm-20240624-en
behavioral5 | Sample: childapp.apk | Resource: android-x64-20240624-en
behavioral6 | Sample: childapp.apk | Resource: android-x64-arm64-20240624-en
Malware Config
Targets
Target: KrinkoOp.apk
Score: 1/10
Target: childapp.apk
Size: 9.3MB
MD5: c823398194ffcb88a6c468778de5d177
SHA1: 3c2d5c8dc9df1c87c9070a0119b25070d2f49efd
SHA256: a2c47d36bc98eb2a0681d601469beca29ee8b3c76769776cc21ac57253f9c631
SHA512: 81822cc22ee5e3bc368ff60d904994f07eb0fcd15359fe5ffb6ea005c84bb3881d74828a2d86fd8757017a3bd28496a4d151a750b844b6ae8771029477fa24bf
SSDEEP: 98304:V4zBJTHmz6Sv2PQIMFc3PSxX+U4et470tqvizr7+fpS:UGz6SvAQMEV4eak8fpS
- Makes use of the framework's Accessibility service: Retrieves information displayed on the phone screen using AccessibilityService.
- Acquires the wake lock
- Makes use of the framework's foreground persistence service: Application may abuse the framework's foreground service to continue running in the foreground.