Analysis

  • max time kernel
    1799s
  • max time network
    1803s
  • platform
    android_x86
  • resource
    android-x86-arm-20240624-en
  • resource tags
    android, arch:arm, arch:x86, image:android-x86-arm-20240624-en, locale:en-us, os:android-9-x86, system
  • submitted
    10-11-2024 03:30

General

  • Target

    signed.apk

  • Size

    78KB

  • MD5

    2b71306486b7948be17924ed3d7608d1

  • SHA1

    afbe9a05550c418dd77acaf65bce46ba5d541080

  • SHA256

    6657b221083beef8c1d73e16fc553ebf05962fd812b3d1f81b8c17ddff775310

  • SHA512

    4a094207acef91bddb91f7bd705cce8aa54a4776d00854bea457fd19173cf94382e4526b7d161f7f51f4fb65215bb4fae692673b8908cd04332d488b7d92dfa3

  • SSDEEP

    1536:OAtfCB3d/aaR+7CJwfbcvzqgZoCLB51IB0KlsrcbGYA6a0VpxNi39eND:OSfCBt/NwTxgZoCr1RKCQMd0VrNWeND

Malware Config

Signatures

  • Loads dropped Dex/Jar (1 TTP, 17 IoCs)

    Runs executable file dropped to the device during analysis.

  • Makes use of the framework's Accessibility service (4 TTPs, 2 IoCs)

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Reads the content of the call log (1 TTP, 1 IoC)
  • Acquires the wake lock (1 IoC)
  • Makes use of the framework's foreground persistence service (1 TTP, 1 IoC)

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Performs UI accessibility actions on behalf of the user (1 TTP, 3 IoCs)

    Application may abuse the accessibility service to prevent its removal.

  • Queries the mobile country code (MCC) (1 TTP, 1 IoC)
  • Requests disabling of battery optimizations (often used to enable hiding in the background) (1 TTP, 1 IoC)
  • Registers a broadcast receiver at runtime (usually for listening for system events) (1 TTP, 1 IoC)

Processes

  • com.bani.kedr.clv
    1⤵
    • Loads dropped Dex/Jar
    • Makes use of the framework's Accessibility service
    • Reads the content of the call log.
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Performs UI accessibility actions on behalf of the user
    • Queries the mobile country code (MCC)
    • Requests disabling of battery optimizations (often used to enable hiding in the background).
    • Registers a broadcast receiver at runtime (usually for listening for system events)
    PID:4315
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes.dex --output-vdex-fd=44 --oat-fd=45 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4342
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes1.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes1.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4381
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes2.dex --output-vdex-fd=50 --oat-fd=51 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes2.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4404
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes3.dex --output-vdex-fd=49 --oat-fd=50 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes3.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4427
    • /system/bin/dex2oat --instruction-set=x86 --instruction-set-features=ssse3,-sse4.1,-sse4.2,-avx,-avx2,-popcnt --runtime-arg -Xhidden-api-checks --runtime-arg -Xrelocate --boot-image=/system/framework/boot.art --runtime-arg -Xms64m --runtime-arg -Xmx512m --instruction-set-variant=x86 --instruction-set-features=default --inline-max-code-units=0 --compact-dex-level=none --dex-file=/data/user/0/com.bani.kedr/files/Factory/Plugins/classes4.dex --output-vdex-fd=49 --oat-fd=48 --oat-location=/data/user/0/com.bani.kedr/files/Factory/Plugins/oat/x86/classes4.odex --compiler-filter=quicken --class-loader-context=&
      2⤵
      • Loads dropped Dex/Jar
      PID:4449

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.bani.kedr/files/Factory/Plugins/classes1.dex

    Filesize

    32KB


  • /data/data/com.bani.kedr/files/Factory/Plugins/classes2.dex

    Filesize

    31KB


  • /data/data/com.bani.kedr/files/Factory/Plugins/classes3.dex

    Filesize

    49KB


  • /data/data/com.bani.kedr/files/Factory/Plugins/classes4.dex

    Filesize

    24KB


  • /data/data/com.bani.kedr/files/Factory/Plugins/oat/classes.dex.cur.prof

    Filesize

    304B


  • /data/data/com.bani.kedr/files/Factory/Plugins/oat/classes3.dex.cur.prof

    Filesize

    152B


  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes.dex

    Filesize

    122KB


  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes1.dex

    Filesize

    32KB


  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes2.dex

    Filesize

    31KB


  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes3.dex

    Filesize

    49KB


  • /data/user/0/com.bani.kedr/files/Factory/Plugins/classes4.dex

    Filesize

    24KB


  • Anonymous-DexFile@0xc8e4b000-0xc8e5b398

    Filesize

    64KB


  • Anonymous-DexFile@0xc9bc1000-0xc9bdfac0

    Filesize

    122KB
