Analysis
max time kernel: 141s
max time network: 151s
platform: android-11_x64
resource: android-x64-arm64-20240910-en
resource tags: arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
submitted: 23-10-2024 17:45
Static task: static1
Behavioral task: behavioral1
  Sample: KSVOD.apk
  Resource: android-x86-arm-20240624-en
Behavioral task: behavioral2
  Sample: KSVOD.apk
  Resource: android-x64-20240624-en
Behavioral task: behavioral3
  Sample: KSVOD.apk
  Resource: android-x64-arm64-20240910-en
General
-
Target
KSVOD.apk
-
Size
1.3MB
-
MD5
fdf276b076ed7718ac0a866c8d4e6ecb
-
SHA1
5b86133e44b8e8fd9bdc136daf5a29bd89035ed7
-
SHA256
da03e321938477a4182e64e27da08a7f2f72392131df0b17835a6cef5fb4d814
-
SHA512
44e61314b7f0fc0a9a9d43e9d93a751ac068f6130694c413468667cf40705700f73a502f1464b6796904062f9e5d0525361822fe1ac30618239b420231188b4c
-
SSDEEP
24576:XILs8qdMXFjEwN+E5LetTw2+eCeIUx1CmTfu6fWcYQ9B//KqwcLBVM19:47qdqFjEZDJlCeIIZTfu/cY4CgNO19
Malware Config
Signatures
Obtains sensitive information copied to the device clipboard (2 TTPs, 1 IoCs)
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
Processes: com.kandian.vodapp
  description: Framework service call
  ioc: android.content.IClipboard.addPrimaryClipChangedListener
  process: com.kandian.vodapp

Queries account information for other applications stored on the device (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect account information stored on the device.
Processes: com.kandian.vodapp
  description: Framework service call
  ioc: android.accounts.IAccountManager.getAccountsAsUser
  process: com.kandian.vodapp

Queries information about the current Wi-Fi connection (1 TTPs, 1 IoCs)
Application may abuse the framework's APIs to collect information about the current Wi-Fi connection.
Processes: com.kandian.vodapp
  description: Framework service call
  ioc: android.net.wifi.IWifiManager.getConnectionInfo
  process: com.kandian.vodapp

Checks CPU information (2 TTPs, 1 IoCs)
Processes: com.kandian.vodapp
  description: File opened for read
  ioc: /proc/cpuinfo
  process: com.kandian.vodapp

Checks memory information (2 TTPs, 1 IoCs)
Processes: com.kandian.vodapp
  description: File opened for read
  ioc: /proc/meminfo
  process: com.kandian.vodapp
Processes
Network
MITRE ATT&CK Mobile v15
Downloads