General

  • Target

    com.baniiz.kedra_Dropper.apk

  • Size

    9.7MB

  • Sample

    241110-1mp5daweng

  • MD5

    a391b86ee6657266fda0d4e9c3c4dd35

  • SHA1

    66b40102b707f8133a9313e61560873e4a57fb71

  • SHA256

    c12f029e940b13af201e70d4ea48b4cb4bdfafd170933c56326400810210bfc2

  • SHA512

    174a9eca2da9fafbe511b84e5d56a834df1fd93741db300412c62c1d26cfb0adb83129af6f8e79364e311a988fad3ff0ab15603e81eb1f91e2c27195259f0deb

  • SSDEEP

    196608:WBw4yX54tND8swBsGEsKchHfpJBOa+/lcN6I99u6V:6S4Po7sGB9HfpTO6N6I9IS

Malware Config

Targets

    • Target

      com.baniiz.kedra_Dropper.apk

    • Size

      9.7MB

    • MD5

      a391b86ee6657266fda0d4e9c3c4dd35

    • SHA1

      66b40102b707f8133a9313e61560873e4a57fb71

    • SHA256

      c12f029e940b13af201e70d4ea48b4cb4bdfafd170933c56326400810210bfc2

    • SHA512

      174a9eca2da9fafbe511b84e5d56a834df1fd93741db300412c62c1d26cfb0adb83129af6f8e79364e311a988fad3ff0ab15603e81eb1f91e2c27195259f0deb

    • SSDEEP

      196608:WBw4yX54tND8swBsGEsKchHfpJBOa+/lcN6I99u6V:6S4Po7sGB9HfpTO6N6I9IS

    • Score

      4/10

    • Target

      childapp.apk

    • Size

      8.1MB

    • MD5

      0036b25d44ad067df2ffd0a1e933aed3

    • SHA1

      5bda68ea63cfc279dd7712487e7969abe49aa5a2

    • SHA256

      c875b57b5367611b7624b073b7e8ccee4859182b357af5a76fa886d0fc3da374

    • SHA512

      4d3c15f01b9e810692dc832e73cf85f85ea941a81ca7e6fb5a516296783185e58269e3737a09dce9403a294840e5150a1b3e1c5a4dcd9c12a7fb86f2a69fa91a

    • SSDEEP

      98304:pJ5JH9ZQg12W9oCo33iDSgGnndmz9aLEhFISzB4bDxV/0mG0bDxtbDxu/Ow0J:zH9Z324Xg37g8nwz9aLEhaDxDHDMYJ

    • Loads dropped Dex/Jar

      Runs executable file dropped to the device during analysis.

    • Makes use of the framework's Accessibility service

      Retrieves information displayed on the phone screen using AccessibilityService.

    • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

    • Acquires the wake lock

    • Makes use of the framework's foreground persistence service

      Application may abuse the framework's foreground service to continue running in the foreground.

MITRE ATT&CK Mobile v15
