a24d5675055ac5e277e5d7a154ebc0a7b78de237dc1578176f1c73f5abc42baa

Analysis

max time kernel
141s
max time network
151s
platform
android-11_x64
resource
android-x64-arm64-20240910-en
resource tags

arch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240910-enlocale:en-usos:android-11-x64system
submitted
23-10-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KSVOD.apk
Size

1.3MB
MD5

fdf276b076ed7718ac0a866c8d4e6ecb
SHA1

5b86133e44b8e8fd9bdc136daf5a29bd89035ed7
SHA256

da03e321938477a4182e64e27da08a7f2f72392131df0b17835a6cef5fb4d814
SHA512

44e61314b7f0fc0a9a9d43e9d93a751ac068f6130694c413468667cf40705700f73a502f1464b6796904062f9e5d0525361822fe1ac30618239b420231188b4c
SSDEEP

24576:XILs8qdMXFjEwN+E5LetTw2+eCeIUx1CmTfu6fWcYQ9B//KqwcLBVM19:47qdqFjEZDJlCeIIZTfu/cY4CgNO19

Score

7^/10

collection credential_access discovery impact

Malware Config

Signatures

Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
collection credential_access impact

Clipboard Data
T1414

Transmitted Data Manipulation
T1641.001

Processes:

com.kandian.vodapp

description ioc process

Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.kandian.vodapp
Queries account information for other applications stored on the device 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect account information stored on the device.
collection

Stored Application Data
T1409

Processes:

com.kandian.vodapp

description ioc process

Framework service call android.accounts.IAccountManager.getAccountsAsUser com.kandian.vodapp
Queries information about the current Wi-Fi connection 1 TTPs 1 IoCs
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
discovery

System Network Connections Discovery
T1421

Processes:

com.kandian.vodapp

description ioc process

Framework service call android.net.wifi.IWifiManager.getConnectionInfo com.kandian.vodapp
Checks CPU information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.kandian.vodapp

description ioc process

File opened for read /proc/cpuinfo com.kandian.vodapp
Checks memory information 2 TTPs 1 IoCs

System Checks
T1633.001

System Information Discovery
T1426

Processes:

com.kandian.vodapp

description ioc process

File opened for read /proc/meminfo com.kandian.vodapp

description	ioc	process
Framework service call	android.content.IClipboard.addPrimaryClipChangedListener	com.kandian.vodapp

description	ioc	process
Framework service call	android.accounts.IAccountManager.getAccountsAsUser	com.kandian.vodapp

description	ioc	process
Framework service call	android.net.wifi.IWifiManager.getConnectionInfo	com.kandian.vodapp

description	ioc	process
File opened for read	/proc/cpuinfo	com.kandian.vodapp

description	ioc	process
File opened for read	/proc/meminfo	com.kandian.vodapp

com.kandian.vodapp
1⤵
- Obtains sensitive information copied to the device clipboard
- Queries account information for other applications stored on the device
- Queries information about the current Wi-Fi connection
- Checks CPU information
- Checks memory information
PID:4616

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1633

System Checks

T1633.001

Credential Access

Clipboard Data

T1414

Discovery

System Information Discovery

T1426

System Network Connections Discovery

T1421

Lateral Movement

Collection

Clipboard Data

T1414

Stored Application Data

T1409

Command and Control

Exfiltration

Impact

Data Manipulation

T1641

Transmitted Data Manipulation

T1641.001

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/com.kandian.vodapp/cache/.system/Runtime.dat

Filesize
74B

MD5
541540980748019d4625042c9cef878e

SHA1
ec4124ffe72f7199cb98d23e790f193fde3073a4

SHA256
b75a2693af96a22ba8607bdfd8ba0a7b5a4cd121b7869f6ffab800df25b4d3a7

SHA512
fed65eedb8523a7e3d4adeae4b505af9c7305839d17175624d967cea6a289afc7d3e65c728485085ae81d9405c05da6efb8c88a6b4ab19a20b8f9f0297fa4597

Download Submit
/data/user/0/com.kandian.vodapp/files/mobclick_agent_cached_com.kandian.vodapp

Filesize
105B

MD5
5395ce917909bf1d6263beee50a31567

SHA1
7a790afd81b15f17f8c89eb892eff146e4b14071

SHA256
efeb72405927dbf95840affe459b4351622947b535c01398017a24cb9df5d0cb

SHA512
094be867fc8d2f82ef57efde7377fc296cfeace97757cb2079feebb50f6a1836cb939321772e14f4d754e31d379a21e136258ddba4b071d24000559576ee5fe3

Download Submit