a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5

Analysis

max time kernel
15s
max time network
127s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
30-10-2024 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Predator 2.apk
Size

3.7MB
MD5

732b55fe03a3f5e3d69afe5ef525438d
SHA1

bfc3d17e88d86258e8e37cb44c7c2d7082ee49c9
SHA256

a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5
SHA512

7a2fa9c2bcb47cf2a174d90c2d79caf93ff5e77ea8f624938b74c250c3ea7a88d24bacc953e4c5960817edcf54c5972bff099ca41b1d257bbb39723da7ae6546
SSDEEP

49152:XmjUiEZT53/ng3nxdFdKZHymQgG3f6CmzfzdGGFQTOMKJUxYqL0cgc03yL3LGSk:0REvkRySmxG3SCmzfzBqTD0tc0yW

Score

7^/10

banker discovery evasion execution persistence

Malware Config

Signatures

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

Processes:

kevin.ontario.cod

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	kevin.ontario.cod

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

Processes:

kevin.ontario.cod

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	kevin.ontario.cod

Queries information about active data network 1 TTPs 1 IoCs

discovery

System Network Connections Discovery

T1421

Processes:

kevin.ontario.cod

description	ioc	Process
Framework service call	android.net.IConnectivityManager.getActiveNetworkInfo	kevin.ontario.cod

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

Processes:

kevin.ontario.cod

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	kevin.ontario.cod

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

Processes:

kevin.ontario.cod

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	kevin.ontario.cod

kevin.ontario.cod
1⤵
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Queries information about active data network
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4966