Overview

overview

10

Static

static

10

com.baniiz.kedra.apk

android-10-x64

7

com.baniiz.kedra.apk

android-11-x64

7

com.baniiz.kedra.apk

android-13-x64

7

com.baniiz.kedra.apk

android-9-x86

Analysis

  • max time kernel
    299s
  • max time network
    309s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240624-en
  • resource tags

    androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system
  • submitted
    10-11-2024 14:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    com.baniiz.kedra.apk

  • Size

    8.1MB

  • MD5

    8c68ca54245f1e1513bf1b15dea5e794

  • SHA1

    657ee46f5f7a14b22fd9c1b6933dfe103a61efe6

  • SHA256

    6b83c98557eb4ff3de7b140f71af4f797cbedb39629031aa8fb12320dff1f01b

  • SHA512

    b2e3d7ac106a3e4e1d0db03ea205d84386e081c00c46492567f392ffc6f830385d4ce0d3fb4e3f8dd6ddd428b5f182202b1318c234202dca3fc34d7146f41a8c

  • SSDEEP

    196608:hLt7gHSGEhfejA5jg8sfzDaLEcyDKD+Dks:T1GEhhjg8e25yOiws

Score
7/10
bankercollectioncredential_accessdiscoveryevasionexecutionpersistence

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

    collectionevasioncredential_access
  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
    bankerdiscovery
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

    evasionpersistence
  • Requests enabling of the accessibility settings. 1 IoCs
  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

    executionpersistence

Processes

  • build.ledear.zrpah
    1⤵
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Requests enabling of the accessibility settings.
    • Schedules tasks to execute at a specified time
    PID:4615

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt
    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt
    Filesize

    37B

    MD5

    03399e6f7f228cd83301ffd20a3a6e5d

    SHA1

    f5e2b18dd419acb790e4d67dcf87e7b183db5cb2

    SHA256

    6d6f932adc57aa2368f3b0a86619794956249a157f0401ce1f9c121f796c3134

    SHA512

    de4d8bef635260b70e45c731f7ea974595c385c360170852ea100399087572c2012bfef1a8d45c3bf6fb770d8ba815015857600d94cbba621a5b3a3e5140bbb2

    Download Submit

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt
    Filesize

    57B

    MD5

    17c1690a4556b7b73496094bace3d9b3

    SHA1

    f5a027ab7edfa20672f505bfb6d3da9c96103555

    SHA256

    0e5a72e6d5a664254e007a8c564f8a4866b51b8928f5b0ab82b86d937a371b46

    SHA512

    6628bd2adf078e4dd7c5cbc541c851bad34dd3bf974f557b823d392174a4cffabdbfbd0711a744c570945581363c0b4da0316c8e8f01aafba9961174c732ae14

    Download Submit