Analysis

max time kernel: 147s
max time network: 138s
platform: android_x86
resource: android-x86-arm-20240624-en
resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
submitted: 07-11-2024 17:30
Static task
static1

Behavioral tasks
behavioral1: 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk on android-x86-arm-20240624-en
behavioral2: 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk on android-x64-20240624-en
behavioral3: 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk on android-x64-arm64-20240624-en
behavioral4: jyoecfoe22.apk on android-x86-arm-20240910-en
behavioral5: jyoecfoe22.apk on android-x64-20240910-en
behavioral6: jyoecfoe22.apk on android-x64-arm64-20240624-en
behavioral7: jyoecfoe29.apk on android-x86-arm-20240910-en
General

Target: 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009.apk
Size: 25.7MB
MD5: a6fd541125afa39aaaf2f6663683fb38
SHA1: a68f894af1c6143a0dfcee9425f2fa27cecd44e1
SHA256: 934c686328aea5bddc4ff31be56a9697f9b8452b24874a4228ec7fdfd094f009
SHA512: f7f23a80993c05b2f1fa3d662f76781d183f516b2bfb49e4bea6b836a026de1dd3105823eeb91038e24fd25c85f27d152010889cbeaf78018764012d0dccd727
SSDEEP: 786432:rQBOGpChwi4VT7f5AWPuHDugUyI0HTXZWmH:rSOGpChwiMPxUHygUyRHbZWmH
Malware Config
Signatures

- Queries a list of all the installed applications on the device (might be used in an attempt to overlay legitimate apps) (1 TTP)

- Declares services with permission to bind to the system (2 IoCs)
  android.permission.BIND_ACCESSIBILITY_SERVICE: required by accessibility services to bind with the system; allows the app to access accessibility features.
  android.permission.BIND_INCALL_SERVICE: required by in-call services to bind with the system; allows the app to handle aspects of phone calls while they are in progress.

- Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  Process: com.kohsqtsik.kkbdgmpf
  Framework service call: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone

- Requests permission to install additional applications from unknown sources (1 TTP, 1 IoC)
  Process: com.kohsqtsik.kkbdgmpf
  Intent action: android.settings.MANAGE_UNKNOWN_APP_SOURCES

- Requests dangerous framework permissions (20 IoCs)
  android.permission.ANSWER_PHONE_CALLS: allows the app to answer an incoming phone call.
  android.permission.CALL_PHONE: allows the app to initiate a phone call without going through the Dialer user interface for the user to confirm the call.
  android.permission.READ_PHONE_STATE: allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device.
  android.permission.READ_PHONE_NUMBERS: allows read access to the device's phone number(s).
  android.permission.READ_CALL_LOG: allows the app to read the user's call log.
  android.permission.WRITE_CALL_LOG: allows the app to write and read the user's call log data.
  android.permission.READ_CONTACTS: allows the app to read the user's contacts data.
  android.permission.WRITE_CONTACTS: allows the app to write the user's contacts data.
  android.permission.READ_SMS: allows the app to read SMS messages.
  android.permission.SEND_SMS: allows the app to send SMS messages.
  android.permission.PROCESS_OUTGOING_CALLS: allows the app to see the number being dialed during an outgoing call, with the option to redirect the call to a different number or abort the call altogether.
  android.permission.SYSTEM_ALERT_WINDOW: allows the app to create windows of type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps.
  android.permission.CAMERA: required to access the camera device.
  android.permission.RECORD_AUDIO: allows the app to record audio.
  android.permission.ACCESS_COARSE_LOCATION: allows the app to access approximate location.
  android.permission.ACCESS_FINE_LOCATION: allows the app to access precise location.
  android.permission.ACCESS_BACKGROUND_LOCATION: allows the app to access location in the background.
  android.permission.MANAGE_EXTERNAL_STORAGE: allows the app broad access to external storage under scoped storage.
  android.permission.READ_EXTERNAL_STORAGE: allows the app to read from external storage.
  android.permission.WRITE_EXTERNAL_STORAGE: allows the app to write to external storage.

- Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)
  Process: com.kohsqtsik.kkbdgmpf
  Framework service call: android.app.IActivityManager.registerReceiver

- Checks CPU information (2 TTPs, 1 IoC)
  Process: com.kohsqtsik.kkbdgmpf
  File opened for read: /proc/cpuinfo

- Checks memory information (2 TTPs, 1 IoC)
  Process: com.kohsqtsik.kkbdgmpf
  File opened for read: /proc/meminfo
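The signatures above are individually unremarkable (many legitimate apps hold SYSTEM_ALERT_WINDOW or READ_SMS); what matters for triage is the combination: a service guarded by BIND_ACCESSIBILITY_SERVICE, overlay windows, SMS and call control, plus a runtime request to enable unknown-source installs. The following script is an added example and is not part of the sandbox report or the sample. It reads a decoded AndroidManifest.xml (the plain XML that `apktool d <apk>` writes) and reports which capability clusters are declared and a verdict. SAMPLE_MANIFEST is constructed from the IoCs listed above; its service class names are placeholders. Note one limit this report itself illustrates: the unknown-sources request is visible only at runtime as an intent, so the manifest check flags sideloading only when REQUEST_INSTALL_PACKAGES is declared.

```python
"""Permission-profile triage for a decoded Android manifest.

Added example, not part of the sandbox report or the sample. Reads the
AndroidManifest.xml produced by `apktool d <apk>` and groups declared
permissions into the capability clusters surfaced by this report.
SAMPLE_MANIFEST is constructed from the report's IoCs; the service class
names in it are placeholders, not names taken from the sample.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Capability clusters. A service declared with a BIND_* permission is
# counted alongside uses-permission entries, because that is how an
# accessibility or in-call service announces itself in the manifest.
CAPABILITIES = {
    "accessibility_service": {"android.permission.BIND_ACCESSIBILITY_SERVICE"},
    "overlay_windows": {"android.permission.SYSTEM_ALERT_WINDOW"},
    "sms_access": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
                   "android.permission.SEND_SMS"},
    "call_control": {"android.permission.ANSWER_PHONE_CALLS", "android.permission.CALL_PHONE",
                     "android.permission.PROCESS_OUTGOING_CALLS",
                     "android.permission.BIND_INCALL_SERVICE"},
    "sideloading": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "surveillance": {"android.permission.CAMERA", "android.permission.RECORD_AUDIO",
                     "android.permission.ACCESS_FINE_LOCATION",
                     "android.permission.ACCESS_BACKGROUND_LOCATION"},
    "broad_storage": {"android.permission.MANAGE_EXTERNAL_STORAGE"},
}


def manifest_permissions(xml_text):
    """Return (uses-permission names, permissions guarding declared services)."""
    root = ET.fromstring(xml_text)
    uses = {e.get(NAME) for e in root.iter("uses-permission") if e.get(NAME)}
    bound = {e.get(PERMISSION) for e in root.iter("service") if e.get(PERMISSION)}
    return uses, bound


def capabilities(uses, bound):
    """Map the declared permission set onto the capability clusters it enables."""
    declared = uses | bound
    return {cap: sorted(declared & perms)
            for cap, perms in CAPABILITIES.items() if declared & perms}


def verdict(caps):
    """Accessibility plus overlay is the core of the Android overlay-trojan
    pattern (read screen content, auto-click dialogs, phish on top of the
    real app); SMS or call control on top of it covers OTP and call
    interception."""
    have = set(caps)
    core = {"accessibility_service", "overlay_windows"} <= have
    if core and have & {"sms_access", "call_control"}:
        return "high"
    if core:
        return "medium"
    return "low" if have else "none"


def triage(xml_text):
    caps = capabilities(*manifest_permissions(xml_text))
    return verdict(caps), caps


# Constructed from the report's IoCs; class names are placeholders.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.kohsqtsik.kkbdgmpf">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.ANSWER_PHONE_CALLS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.PROCESS_OUTGOING_CALLS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_BACKGROUND_LOCATION"/>
  <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".AccService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <service android:name=".CallService"
        android:permission="android.permission.BIND_INCALL_SERVICE"/>
  </application>
</manifest>
"""

if __name__ == "__main__":
    level, caps = triage(SAMPLE_MANIFEST)
    print("verdict:", level)
    for cap, perms in caps.items():
        print(f"  {cap}: {', '.join(perms)}")
```

Run it against `apktool`'s output with `triage(open("AndroidManifest.xml").read())`. The rule set is deliberately small and co-occurrence based; a single permission never produces more than "low", which keeps the check useful as a first-pass filter over a large sample set.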
Processes

com.kohsqtsik.kkbdgmpf (PID 4247)
- Queries the mobile country code (MCC)
- Requests permission to install additional applications from unknown sources
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information

  child: chmod 755 /data/user/0/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so (PID 4275)
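The one child process in the tree is the most actionable line in the report: the app makes a .so in a dot-prefixed directory under its own private data executable. Libraries shipped inside an APK are extracted by the installer, so a native library the app itself drops and chmods at runtime is the staging pattern of a dropper or packer, and that file is what to pull from the sandbox for further analysis. The script below is an added example, not part of the report or the sample; it parses constructed process-trace lines in the report's own vocabulary (the "pid process event" layout is this script's assumption, not the sandbox's export format) and flags both the staged payload and the procfs probes the report maps to Virtualization/Sandbox Evasion: System Checks.

```python
"""Flag runtime-staged native payloads and procfs fingerprinting in a
sandbox process trace.

Added example, not part of the report. SAMPLE_EVENTS is constructed from
this report's process tree and IoCs; the "pid process event" line layout
is this script's own assumption, not the sandbox's export format.
"""
import re

# Paths inside an app's private data directory on modern Android.
APP_DATA_RE = re.compile(r"^/data/(?:data|user/\d+)/(?P<pkg>[\w.]+)/(?P<rest>.+)$")
CHMOD_RE = re.compile(r"^chmod\s+(?P<mode>[0-7]{3,4})\s+(?P<path>\S+)$")
PROCFS_PROBES = {"/proc/cpuinfo", "/proc/meminfo", "/proc/version", "/proc/self/maps"}

# Constructed from the report's process tree and IoCs.
SAMPLE_EVENTS = """\
4247 com.kohsqtsik.kkbdgmpf File opened for read /proc/cpuinfo
4247 com.kohsqtsik.kkbdgmpf File opened for read /proc/meminfo
4247 com.kohsqtsik.kkbdgmpf Framework service call android.app.IActivityManager.registerReceiver
4275 com.kohsqtsik.kkbdgmpf Process executed chmod 755 /data/user/0/com.kohsqtsik.kkbdgmpf/files/.ss/l2c452656.so
"""


def parse_events(text):
    """Split 'pid process event-text' lines into (pid, process, detail) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, proc, detail = line.split(maxsplit=2)
        events.append((int(pid), proc, detail))
    return events


def staged_native_payloads(events):
    """A file under the app's own data directory that the app makes
    executable is not produced by a normal install; a .so in a hidden
    directory, chmod'ed at runtime, is the dropper/packer staging pattern."""
    hits = []
    for pid, proc, detail in events:
        if not detail.startswith("Process executed "):
            continue
        cmd = CHMOD_RE.match(detail[len("Process executed "):])
        if not cmd:
            continue
        path = cmd.group("path")
        loc = APP_DATA_RE.match(path)
        if not loc:
            continue
        executable = (int(cmd.group("mode"), 8) & 0o111) != 0
        # Only directory components count as "hidden"; the filename is excluded.
        hidden_dir = any(p.startswith(".") for p in loc.group("rest").split("/")[:-1])
        if executable and (path.endswith(".so") or hidden_dir):
            hits.append({"pid": pid, "package": loc.group("pkg"), "path": path,
                         "mode": cmd.group("mode"), "hidden_dir": hidden_dir})
    return hits


def procfs_fingerprinting(events, min_probes=2):
    """/proc/cpuinfo or /proc/meminfo reads alone are weak evidence (many
    SDKs read them); report only processes that probe several procfs
    files, which is what the sandbox maps to System Checks."""
    probes = {}
    for pid, proc, detail in events:
        if detail.startswith("File opened for read "):
            path = detail[len("File opened for read "):]
            if path in PROCFS_PROBES:
                probes.setdefault((pid, proc), set()).add(path)
    return {key: sorted(paths) for key, paths in probes.items() if len(paths) >= min_probes}


if __name__ == "__main__":
    ev = parse_events(SAMPLE_EVENTS)
    for hit in staged_native_payloads(ev):
        print("staged native payload:", hit)
    for (pid, proc), paths in procfs_fingerprinting(ev).items():
        print(f"procfs fingerprinting by {proc} (pid {pid}): {', '.join(paths)}")
```

The executable-bit test is there so that a plain `chmod 644` on a dropped file does not fire; the hidden-directory test catches the same staging pattern when the payload is not named `.so` (a DEX or ELF with a random name, for instance).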
Network
MITRE ATT&CK Mobile v15

Defense Evasion
- Subvert Trust Controls (1): Code Signing Policy Modification (1)
- Virtualization/Sandbox Evasion (2): System Checks (2)
Downloads

- Filesize: 1.4MB
  MD5: 80e35aef95212e8b988a562e2e14aae9
  SHA1: 8eb117537327ffd7a3aea18be1b1ec910a290238
  SHA256: 997717e27e59bd025221c77e74a20baaee3426ec4a37840da0d1bb5bdda4a83d
  SHA512: e6a17ed6a8e4343f977526fac2aee80d496355067b37365fb0329aaf2e89008604ffaa1e8f165b8c7a0f30951f7e16bbb4acda3dca2a8516cba2f71ef37e495d

- Filesize: 8.1MB
  MD5: 03c49a3572d13053d3c564b2b3c97506
  SHA1: 1ded708d53c143cffb6942422866dd135278450f
  SHA256: e71a32170c93f257acc7276a4b0cdca025568599eba2ef9a62e141e4327f551e
  SHA512: 5ee920ef7006cb35435c2705557d564df5b6dc2ea0566cc386260cfb9e98ff9eb381ee63a77cc8e61b273101dd0ba1466dec9f2a127155e7411e9a69b9c9673b

- Filesize: 6.6MB
  MD5: 638672db7fe864404ba9140224267b53
  SHA1: 4c87d93bb9346cea5496ffc84d4518dc388a2c07
  SHA256: b0d56c8a2751f651a468c5b85430494ee5b17271b405869d3296da56b96aa1c3
  SHA512: 1303241b7cdce078508238653f9c211f281cca457d0f0a944be5370e885a0bfb7dd5bd85fe69a1934b97e74925841eaea1904add9383f04d5279f80a4f9d11bd

- Filesize: 8.1MB
  MD5: eec90db03e3c0e274ffde36d19306c4a
  SHA1: 3c920a1c882971d8b87cb38b393cb262231085e2
  SHA256: 17f7ca5c39948e2f6399aa8b85d169dc030176502552e9fba24493c833f974d0
  SHA512: 4a38fd257ecce4a5d1c1826f0d1f17f6e77a69e850912729e76feee299c6282c99e927485f2b947f0a80716785f3ea04dfa56c8ce7e44cf088f28c4da25bdaa3