Analysis

  • max time kernel: 149s
  • max time network: 154s
  • platform: android_x86
  • resource: android-x86-arm-20240624-en
  • resource tags: android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted: 09-11-2024 19:54

General

  • Target: signed.apk
  • Size: 78KB
  • MD5: 2b71306486b7948be17924ed3d7608d1
  • SHA1: afbe9a05550c418dd77acaf65bce46ba5d541080
  • SHA256: 6657b221083beef8c1d73e16fc553ebf05962fd812b3d1f81b8c17ddff775310
  • SHA512: 4a094207acef91bddb91f7bd705cce8aa54a4776d00854bea457fd19173cf94382e4526b7d161f7f51f4fb65215bb4fae692673b8908cd04332d488b7d92dfa3
  • SSDEEP: 1536:OAtfCB3d/aaR+7CJwfbcvzqgZoCLB51IB0KlsrcbGYA6a0VpxNi39eND:OSfCBt/NwTxgZoCr1RKCQMd0VrNWeND

Signatures

  • Loads dropped Dex/Jar (1 TTP, 16 IoCs)
    Runs an executable file dropped to the device during analysis.
  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)
    Retrieves information displayed on the phone screen using AccessibilityService.
  • Reads the content of the call log (1 TTP, 1 IoC)
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)
    Application may abuse the framework's foreground service to continue running in the foreground.
  • Performs UI accessibility actions on behalf of the user (1 TTP, 3 IoCs)
    Application may abuse the accessibility service to prevent its own removal.
  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.bani.kedr.clv (PID 4256)
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the content of the call log
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    Child processes:
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      (PID 4284) Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes1.dex --output-vdex-fd=51 --oat-fd=50 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes1.odex --compiler-filter=quicken --class-loader-context=&
      (PID 4455) Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes3.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes3.odex --compiler-filter=quicken --class-loader-context=&
      (PID 4498) Loads dropped Dex/Jar
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes4.dex --output-vdex-fd=46 --oat-fd=50 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes4.odex --compiler-filter=quicken --class-loader-context=&
      (PID 4524) Loads dropped Dex/Jar

Downloads

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes1.dex (32KB)
  • /data/data/com.bani.kedr/files/Factory/Plugins/classes2.dex (31KB)
  • /data/data/com.bani.kedr/files/Factory/Plugins/classes3.dex (49KB)
  • /data/data/com.bani.kedr/files/Factory/Plugins/classes4.dex (24KB)
  • /data/data/com.bani.kedr/files/Factory/Plugins/oat/classes.dex.cur.prof (176B)
  • /data/data/com.bani.kedr/files/Factory/Plugins/oat/classes4.dex.cur.prof (107B)
  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes.dex (122KB)
  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes1.dex (32KB)
  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes3.dex (49KB)
  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes4.dex (24KB)
  • Anonymous-DexFile@0xd3aa8000-0xd3ab8398 (64KB)
  • Anonymous-DexFile@0xd5f26000-0xd5f44ac0 (122KB)