Overview

overview

10

Static

static

10

Predator 2.apk

android-9-x86

8

Predator 2.apk

android-10-x64

7

Predator 2.apk

android-11-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    30/10/2024, 22:46 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Predator 2.apk

  • Size

    3.7MB

  • MD5

    732b55fe03a3f5e3d69afe5ef525438d

  • SHA1

    bfc3d17e88d86258e8e37cb44c7c2d7082ee49c9

  • SHA256

    a11ae11a5733dd29842ae1d6431c949ecfedfc4c0b10176131d1e8b3942862f5

  • SHA512

    7a2fa9c2bcb47cf2a174d90c2d79caf93ff5e77ea8f624938b74c250c3ea7a88d24bacc953e4c5960817edcf54c5972bff099ca41b1d257bbb39723da7ae6546

  • SSDEEP

    49152:XmjUiEZT53/ng3nxdFdKZHymQgG3f6CmzfzdGGFQTOMKJUxYqL0cgc03yL3LGSk:0REvkRySmxG3SCmzfzBqTD0tc0yW

Score
8/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistencestealthtrojan

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
    stealthtrojanevasion
  • Makes use of the framework's Accessibility service 4 TTPs 3 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Queries information about active data network 1 TTPs 1 IoCs
    discovery
  • Requests disabling of battery optimizations (often used to enable hiding in the background). 1 TTPs 1 IoCs
    evasion
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • kevin.ontario.cod
    1⤵
    • Removes its main activity from the application launcher
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Queries information about active data network
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Schedules tasks to execute at a specified time
    PID:4609

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    216.58.204.78
  • flag-us
    DNS
    ssl.google-analytics.com
    Remote address:
    1.1.1.1:53
    Request
    ssl.google-analytics.com
    IN A
    Response
    ssl.google-analytics.com
    IN A
    142.250.178.8
  • 142.250.187.238:443
    tls, https
    695 B
     40 B
     1
    1
  • 142.250.187.238:443
    tls, https
    695 B
     40 B
     1
    1
  • 142.250.187.238:443
    android.apis.google.com
    tls
    999 B
     4.5kB
     8
    7
  • 216.58.204.78:443
    android.apis.google.com
    tls
    5.6kB
     8.6kB
     23
    21
  • 142.250.178.8:443
    ssl.google-analytics.com
    tls
    1.3kB
     6.3kB
     8
    9
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    120 B
     40 B
     2
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 142.250.200.36:443
    tls, https
    851 B
     40 B
     2
    1
  • 142.250.200.36:443
    www.google.com
    tls
    11.3kB
     12.3kB
     34
    40
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    120 B
     40 B
     2
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    120 B
     40 B
     2
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    120 B
     40 B
     2
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    120 B
     40 B
     2
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 5.42.92.97:7771
    60 B
     40 B
     1
    1
  • 224.0.0.251:5353
    3.3kB
     10
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
     109 B
     1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    216.58.204.78

  • 1.1.1.1:53
    ssl.google-analytics.com
    dns
    70 B
     86 B
     1
    1

    DNS Request

    ssl.google-analytics.com

    DNS Response

    142.250.178.8

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    25B

    MD5

    749af3b8d53606c7777359dff271710a

    SHA1

    38c222bd446af5f06b689e6d1edb6be053dc1918

    SHA256

    507d4a875476633d215eb27e67af2b56c3b12b3403328781850508da7c17a5af

    SHA512

    1bf956585a5d3c2b246e2f4b05292d28776172257599d71f246404b8124450be8a110b37111f929d1717c8bcb414c99ccb490d98f192b7e6e31dfde7c2bacccc

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    25B

    MD5

    ba30336bf53d54ed3c0ea69dd545de8c

    SHA1

    ce99c6724c75b93b7448e2d9fac16ca702a5711f

    SHA256

    2d6988fb5afdaafc4e33fa1f71d6f10c95ab5a49a8ec820add5b13eef05439af

    SHA512

    eea34ca526e03349e746d3687ea660b4748f0174fe2ffdb65161e232e08630b345e03329614852ce881a71362ba68575e9dd08fa361a416e5b2fb231e21a0a3e

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    276B

    MD5

    1f38239697428f7208668a15e5ae18b1

    SHA1

    0376df5efbb87c31db0318cd8cdcaa885b0d5608

    SHA256

    37cf804fba0ff5085240d98c8523051b68147d3265f537e2b1fd58eeca3bfa75

    SHA512

    3d9c2c846c6d1570c5510347d5f538b737f25540fb93d3d87ee1c211bc73789b0ea1c9e6bfbd01da8f4f7dd21e7bb9c7c5373104de87f2e0808f24970b72d007

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-10-30.txt
    Filesize

    33B

    MD5

    ca982d29b696b9f9c44a27d960d3fb79

    SHA1

    6794274777030e7b50a4b1ba9587e0b234d99ddb

    SHA256

    8e0cf2134f727e35e15784a687884ea38e7d60437c2dd12f9424464b53523ff3

    SHA512

    7bbd2bbdebf65a5d9568a2b8d1c587f7ad4a2b85e29643d7035107f862012bb68d472a94ce756abc3334b09847b5b8535572d8bd2d4552cb53d6acff80cb6cfb

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.