Overview

overview

10

Static

static

10

Predator 2.apk

android-9-x86

8

Predator 2.apk

android-10-x64

7

Predator 2.apk

android-11-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    30/10/2024, 22:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Predator 2.apk

  • Size

    3.7MB

  • MD5

    732b55fe03a3f5e3d69afe5ef525438d

  • SHA1

    bfc3d17e88d86258e8e37cb44c7c2d7082ee49c9

  • SHA256

    a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5

  • SHA512

    7a2fa9c2bcb47cf2a174d90c2d79caf93ff5e77ea8f624938b74c250c3ea7a88d24bacc953e4c5960817edcf54c5972bff099ca41b1d257bbb39723da7ae6546

  • SSDEEP

    49152:XmjUiEZT53/ng3nxdFdKZHymQgG3f6CmzfzdGGFQTOMKJUxYqL0cgc03yL3LGSk:0REvkRySmxG3SCmzfzBqTD0tc0yW

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • kevin.ontario.cod
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4609

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    25B

    MD5

    749af3b8d53606c7777359dff271710a

    SHA1

    38c222bd446af5f06b689e6d1edb6be053dc1918

    SHA256

    507d4a875476633d215eb27e67af2b56c3b12b3403328781850508da7c17a5af

    SHA512

    1bf956585a5d3c2b246e2f4b05292d28776172257599d71f246404b8124450be8a110b37111f929d1717c8bcb414c99ccb490d98f192b7e6e31dfde7c2bacccc

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    276B

    MD5

    1f38239697428f7208668a15e5ae18b1

    SHA1

    0376df5efbb87c31db0318cd8cdcaa885b0d5608

    SHA256

    37cf804fba0ff5085240d98c8523051b68147d3265f537e2b1fd58eeca3bfa75

    SHA512

    3d9c2c846c6d1570c5510347d5f538b737f25540fb93d3d87ee1c211bc73789b0ea1c9e6bfbd01da8f4f7dd21e7bb9c7c5373104de87f2e0808f24970b72d007

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    33B

    MD5

    ca982d29b696b9f9c44a27d960d3fb79

    SHA1

    6794274777030e7b50a4b1ba9587e0b234d99ddb

    SHA256

    8e0cf2134f727e35e15784a687884ea38e7d60437c2dd12f9424464b53523ff3

    SHA512

    7bbd2bbdebf65a5d9568a2b8d1c587f7ad4a2b85e29643d7035107f862012bb68d472a94ce756abc3334b09847b5b8535572d8bd2d4552cb53d6acff80cb6cfb

    Download Submit