4e3f9b875acc9c3bc61640b5f1f5657cada06b9d329c51d5e692c0fb123cec48

Analysis

max time kernel
299s
max time network
306s
platform
android_x64
resource
android-x64-20240624-en
resource tags

androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system
submitted
10-11-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

com.baniiz.kedra.apk
Size

8.1MB
MD5

f46d9bbfdf0f4dc2700c9ba2a97f6bb6
SHA1

e7b00fc293206af92bdda8bbf1aeb2b21a89802c
SHA256

4e3f9b875acc9c3bc61640b5f1f5657cada06b9d329c51d5e692c0fb123cec48
SHA512

be72caf0b9f088c5f5e603ac8610f7a8691cc2c48a93314029df3cc92f066f20c97cd4d4b668a2dc3ce2561a881996fc678c6df23116c66a8246e38158d4a881
SSDEEP

196608:ImL6smkwhX0V83qtg8mUzlaLEJaDRDTDYr:ssFwrwg8n0MaVncr

Score

7^/10

banker collection credential_access discovery evasion execution persistence

Malware Config

Signatures

Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

Retrieves information displayed on the phone screen using AccessibilityService.

collection evasion credential_access

Input Injection

T1516

Screen Capture

T1513

Keylogging

T1417.001

GUI Input Capture

T1417.002

description	ioc	Process
Framework service call	android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId	build.ledear.xewdt

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
banker discovery

Security Software Discovery
T1418.001

Acquires the wake lock 1 IoCs

description	ioc	Process
Framework service call	android.os.IPowerManager.acquireWakeLock	build.ledear.xewdt

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

Application may abuse the framework's foreground service to continue running in the foreground.

evasion persistence

Foreground Persistence

T1541

description	ioc	Process
Framework service call	android.app.IActivityManager.setServiceForeground	build.ledear.xewdt

Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs

persistence

Broadcast Receivers

T1624.001

description	ioc	Process
Framework service call	android.app.IActivityManager.registerReceiver	build.ledear.xewdt

Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

execution persistence

Scheduled Task/Job

T1603

description	ioc	Process
Framework service call	android.app.job.IJobScheduler.schedule	build.ledear.xewdt

build.ledear.xewdt
1⤵
- Makes use of the framework's Accessibility service
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Schedules tasks to execute at a specified time
PID:4970

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Scheduled Task/Job

T1603

Persistence

Event Triggered Execution

T1624

Broadcast Receivers

T1624.001

Foreground Persistence

T1541

Scheduled Task/Job

T1603

Privilege Escalation

Defense Evasion

Foreground Persistence

T1541

Input Injection

T1516

Credential Access

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Discovery

Software Discovery

T1418

Security Software Discovery

T1418.001

Lateral Movement

Collection

Input Capture

T1417

GUI Input Capture

T1417.002

Keylogging

T1417.001

Screen Capture

T1513

Command and Control

Exfiltration

Impact

Input Injection

T1516

Replay Monitor

Loading Replay Monitor...

Downloads

/storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

Filesize
13B

MD5
de2c41a51ee9246eb1708f65b511add0

SHA1
2f442d634c8a18760a232c8829d4b5d74a52f074

SHA256
ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

SHA512
7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

Filesize
33B

MD5
4a6d8d7e309a7e0e57c43858d5808666

SHA1
bcfefe9407b9b1464b3fdc5c2daf4d28006e31e8

SHA256
1d3b3b700fb12533276cb469bd75ec44f6a5b6f6eb238824a8151e9286931460

SHA512
65d414fc07d6b46a03c0dc2d513189a4ab29f87517086068eae5ca45dde0b4d61453edb89f2c123dd579945f0294451dc0d74d2a66652ee424e54356480faeb7

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

Filesize
29B

MD5
35029f704c2e9f54f09f7c4fcf958b6e

SHA1
aa90baf4fed34a19f1f4ddfc5b6a19283b1e350a

SHA256
e2bf173eec817dae170486929e35843a356b13c3e95a16d1e95a50251b8b8747

SHA512
88fd229b2531bccc0f60a11440d8c700b518076351183640a69e4eb9a2c534d40a4d8a5f60f1e7d0788b4836b6311c0e6f9087229dd398d0a1a91e2623dccfd7

Download Submit
/storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

Filesize
57B

MD5
17c1690a4556b7b73496094bace3d9b3

SHA1
f5a027ab7edfa20672f505bfb6d3da9c96103555

SHA256
0e5a72e6d5a664254e007a8c564f8a4866b51b8928f5b0ab82b86d937a371b46

SHA512
6628bd2adf078e4dd7c5cbc541c851bad34dd3bf974f557b823d392174a4cffabdbfbd0711a744c570945581363c0b4da0316c8e8f01aafba9961174c732ae14

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Mobile v15

Replay Monitor

Loading Replay Monitor...

Downloads