Analysis
-
max time kernel
299s -
max time network
305s -
platform
android_x64 -
resource
android-33-x64-arm64-20240624-en -
resource tags
androidarch:arm64arch:x64image:android-33-x64-arm64-20240624-enlocale:en-usos:android-13-x64system -
submitted
10-11-2024 14:05
Behavioral task
behavioral1
Sample
com.baniiz.kedra.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral2
Sample
com.baniiz.kedra.apk
Resource
android-x64-arm64-20240624-en
Behavioral task
behavioral3
Sample
com.baniiz.kedra.apk
Resource
android-33-x64-arm64-20240624-en
Behavioral task
behavioral4
Sample
com.baniiz.kedra.apk
Resource
android-x86-arm-20240624-en
General
-
Target
com.baniiz.kedra.apk
-
Size
8.1MB
-
MD5
8c68ca54245f1e1513bf1b15dea5e794
-
SHA1
657ee46f5f7a14b22fd9c1b6933dfe103a61efe6
-
SHA256
6b83c98557eb4ff3de7b140f71af4f797cbedb39629031aa8fb12320dff1f01b
-
SHA512
b2e3d7ac106a3e4e1d0db03ea205d84386e081c00c46492567f392ffc6f830385d4ce0d3fb4e3f8dd6ddd428b5f182202b1318c234202dca3fc34d7146f41a8c
-
SSDEEP
196608:hLt7gHSGEhfejA5jg8sfzDaLEcyDKD+Dks:T1GEhhjg8e25yOiws
Malware Config
Signatures
-
Makes use of the framework's Accessibility service 4 TTPs 1 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId build.ledear.zrpah -
Acquires the wake lock 1 IoCs
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.os.IPowerManager.acquireWakeLock build.ledear.zrpah -
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.app.IActivityManager.setServiceForeground build.ledear.zrpah -
Requests enabling of the accessibility settings. 1 IoCs
Processes:
build.ledear.zrpahdescription ioc process Intent action android.settings.ACCESSIBILITY_SETTINGS build.ledear.zrpah -
Schedules tasks to execute at a specified time 1 TTPs 1 IoCs
Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.
Processes:
build.ledear.zrpahdescription ioc process Framework service call android.app.job.IJobScheduler.schedule build.ledear.zrpah
Processes
Network
MITRE ATT&CK Mobile v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
41B
MD573ca8d6af8fdcb567754847440dbfa88
SHA1b1472b764ff81d8165ddfd2958a67aa0d4abddf4
SHA2562296954497d649bc19a7b3213d05d51fc1a68ff71e7de01a7edd56ca0828f14d
SHA5127fb52bb85e0e34f6a3ba928d5e88c2f004344bbd6ae3c163088e6aaaa59b5ce60484c78f93c10deabc6051323f7bbc0c87983ad260ebcb03cc42e49dc7b0019f
-
Filesize
25B
MD5fd8ed43ac31bbf329c395582c15753cd
SHA13c76ee3fa79dde645c0447d6b23d6f435efb3b72
SHA256049d51bf61bf26d7b9e55391560cc23ec59d2240453ac81b87f2e81153b0fcaf
SHA51277bb10d1eeeea15fc35f7232af698c951d3f47a5fff56682bbc32f6bea9ebecc997d89ed88c6dff9c226c09446261f184ecbac9697f95799753d73a71e6c4d37
-
Filesize
13B
MD5de2c41a51ee9246eb1708f65b511add0
SHA12f442d634c8a18760a232c8829d4b5d74a52f074
SHA256ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab
SHA5127cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a
-
Filesize
138B
MD533decfc10531cda4b93af7245a4a2d58
SHA18c185d417b9ad0d560cfbf41a596379e73a2a9bd
SHA256dfa4864bbea8c585838bdd72cdebc2da32e9efffdbc1f2d4f34fe5b0cd192c42
SHA512d810e441243287f5aadeac847106c337e890c24cf806bfee2847cc3a01618a15088b27c76f27308140574083938381d3427eb52949cb12f13d22f4858058f118