Analysis
-
max time kernel
299s -
max time network
309s -
platform
android_x64 -
resource
android-x64-arm64-20240624-en -
resource tags
androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240624-enlocale:en-usos:android-11-x64system -
submitted
10-11-2024 14:05
Behavioral task
behavioral1
Sample
com.baniiz.kedra.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
com.baniiz.kedra.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
com.baniiz.kedra.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
com.baniiz.kedra.apk
Resource
android-x86-arm-20240624-en
General
-
Target
com.baniiz.kedra.apk
-
Size
8.1MB
-
MD5
8c68ca54245f1e1513bf1b15dea5e794
-
SHA1
657ee46f5f7a14b22fd9c1b6933dfe103a61efe6
-
SHA256
6b83c98557eb4ff3de7b140f71af4f797cbedb39629031aa8fb12320dff1f01b
-
SHA512
b2e3d7ac106a3e4e1d0db03ea205d84386e081c00c46492567f392ffc6f830385d4ce0d3fb4e3f8dd6ddd428b5f182202b1318c234202dca3fc34d7146f41a8c
-
SSDEEP
196608:hLt7gHSGEhfejA5jg8sfzDaLEcyDKD+Dks:T1GEhhjg8e25yOiws
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId build.ledear.zrpah -
Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
-
Acquires the wake lock 1 IoCs
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock build.ledear.zrpah -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.app.IActivityManager.setServiceForeground build.ledear.zrpah -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
build.ledear.zrpahdescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS build.ledear.zrpah -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.app.job.IJobScheduler.schedule build.ledear.zrpah
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD5de2c41a51ee9246eb1708f65b511add0
SHA12f442d634c8a18760a232c8829d4b5d74a52f074
SHA256ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
SHA5127cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a
-
Filesize
37B
MD503399e6f7f228cd83301ffd20a3a6e5d
SHA1f5e2b18dd419acb790e4d67dcf87e7b183db5cb2
SHA2566d6f932adc57aa2368f3b0a86619794956249a157f0401ce1f9c121f796c3134
SHA512de4d8bef635260b70e45c731f7ea974595c385c360170852ea100399087572c2012bfef1a8d45c3bf6fb770d8ba815015857600d94cbba621a5b3a3e5140bbb2
-
Filesize
57B
MD517c1690a4556b7b73496094bace3d9b3
SHA1f5a027ab7edfa20672f505bfb6d3da9c96103555
SHA2560e5a72e6d5a664254e007a8c564f8a4866b51b8928f5b0ab82b86d937a371b46
SHA5126628bd2adf078e4dd7c5cbc541c851bad34dd3bf974f557b823d392174a4cffabdbfbd0711a744c570945581363c0b4da0316c8e8f01aafba9961174c732ae14