Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-10_x64
  • resource
    android-x64-20240910-en
  • resource tags

    arch:x64, arch:x86, image:android-x64-20240910-en, locale:en-us, os:android-10-x64, system
  • submitted
    09-11-2024 19:54

General

  • Target

    signed.apk

  • Size

    78KB

  • MD5

    2b71306486b7948be17924ed3d7608d1

  • SHA1

    afbe9a05550c418dd77acaf65bce46ba5d541080

  • SHA256

    6657b221083beef8c1d73e16fc553ebf05962fd812b3d1f81b8c17ddff775310

  • SHA512

    4a094207acef91bddb91f7bd705cce8aa54a4776d00854bea457fd19173cf94382e4526b7d161f7f51f4fb65215bb4fae692673b8908cd04332d488b7d92dfa3

  • SSDEEP

    1536:OAtfCB3d/aaR+7CJwfbcvzqgZoCLB51IB0KlsrcbGYA6a0VpxNi39eND:OSfCBt/NwTxgZoCr1RKCQMd0VrNWeND

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 12 IoCs)

    Runs an executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 9 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.bani.kedr.clv
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:5122

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes1.dex

    Filesize

    32KB

    MD5

    8fa8f30cdfccbe47530250ab737af2bf

    SHA1

    dbf0e9e0f414be03463547581350caa17174a20d

    SHA256

    bd28319b7ecac8a73d0b0cb6654fc0a1cde3ce41d592a12babbffbf4f6fd48b2

    SHA512

    548918ac987671d698675725e123e7af5839bad48fddd7f5ececea200834f65bf7bd93c1e3d6121c7a8ffa83be65043ecd02df356184f76970d85d6dc703ab19

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes2.dex

    Filesize

    31KB

    MD5

    c037f8990c548abee13ddd75841f6e19

    SHA1

    b0a91adeb28877c37abaedce612514985a9bd048

    SHA256

    2f2af59ad907901a7697704b9c614cae33d41e3a7cbe4c12713db2a46a870ba2

    SHA512

    fe8a445780c7032246e25ffd7df1b86f56fc28d1dbe0d29ae7e8ebc3bfddc48e8c8ac0edc7207238cc6e2d1482cde1b4b35a8a903655f859e9f7b87293512f54

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes3.dex

    Filesize

    49KB

    MD5

    5d0c876854c63ae1fe8a2efe6cd2de7f

    SHA1

    2c2bdc9a16318e420680a40c5517a544f30f0c22

    SHA256

    da42b5ae7c80e6526f46fa09528f30274eb115225f06574e0af3c96137645dba

    SHA512

    63179e2ef46be90ac80e9ac921121fbd106c93d056529aa1192da075473bca375de21cf902e0e4e0530cf7e56dacea40b6e8ece2077df7fc6ef29b4a091d72c5

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes4.dex

    Filesize

    24KB

    MD5

    c6cc207eb8351ba12c1dd9179d7e2e6a

    SHA1

    13437dfcdcd1b98edc2f1f5eb7518c6a3087401e

    SHA256

    0a78879b05450ce3427a9c661887ff1d468acc798150abbf579cc4ba723aee45

    SHA512

    c6bbd11f2704181636e9d60a7cbd51a01bf0ef45873264a2f1f986000233b9c2440928d0a4704d59586a714d183cabeeb9d3d02e0de5576a28192c40672eb0fd

  • /data/data/com.bani.kedr/files/Factory/Plugins/oat/classes.dex.cur.prof

    Filesize

    274B

    MD5

    2415e162b50a6853d75eb4f9794a10ef

    SHA1

    2c0e84e92a69e023a5f61a6748b2a837f037e8e2

    SHA256

    fec1b3a40cfda87670cb71daabfaccb5cf56b7648ea591c195fea3ca40fac5e3

    SHA512

    c07a780240ca5fc221ae69bf165d77a72bfa41c9d5c48f1847291667e3989a5641d53a2e5a437eebf0bcdec40d7b9aa1751f2d19f14e8a66e84763296114a33a

  • /data/user/0/com.bani.kedr/[email protected]

    Filesize

    64KB

    MD5

    0d2f45057fbd60e4990a61f945ae75d4

    SHA1

    89decf38cf17577be26e76b67959d18373949ff4

    SHA256

    7f50f81d62d1131f31d48c31c93980f5c14d318696f74295835844c7fafe4144

    SHA512

    a73ac905fdebe3faded9882db05619eea2f59ccd35e056ffbebdf28dd7e8bfc0571cfce973cace717a8db5b86c43a34c70b8e49783aba37a6dec0174eaf1d0df

  • /data/user/0/com.bani.kedr/[email protected]

    Filesize

    122KB

    MD5

    46fa0be21b6c8acbc6b665d481c78f97

    SHA1

    9da7501a290f1bc64e8099fa4cf47d7ed769c93b

    SHA256

    a5b9862c8187bc8677ba6f503265d68ae650314e679b636c246c12d5aab6d255

    SHA512

    6cb44404ed32e4b57fb6b18ba23d5aaf37cbbd3f63468a95d042dc92c15a9202773e58216d0694b84d137f73ed4652937ea36e3cf4770a9a92d81d353762f362