Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    android-11_x64
  • resource
    android-x64-arm64-20240910-en
  • resource tags

    arch:arm, arch:arm64, arch:x64, arch:x86, image:android-x64-arm64-20240910-en, locale:en-us, os:android-11-x64, system
  • submitted
    10/11/2024, 14:24 UTC

General

  • Target

    com.baniiz.kedra.apk

  • Size

    8.1MB

  • MD5

    768c88c562e1c1c470811022f63084a6

  • SHA1

    5899f34d5b3410215156a395f3431054a62d5821

  • SHA256

    462c44e0dbd9b95cf3d33e284b72be2dbec175a174a5985b882d88614de50ad7

  • SHA512

    eb90abb038bfa330716f059829b89512e0f66a0a5400cd22e110e44df8f09949f72875f5ffe4e8e79b3b94dfff7a6db2c6328f05a958ab0cca18ab726dbc32a0

  • SSDEEP

    196608:Rl7z27o8h4otkBA4x2g8dxzhaLE++DGDeDgRi:Rlu084o4x2g8vIn+6y8I

Malware Config

Signatures

  • Makes use of the framework's Accessibility service 4 TTPs 1 IoCs

    Retrieves information displayed on the phone screen using AccessibilityService.

  • Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps) 1 TTPs
  • Acquires the wake lock 1 IoCs
  • Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs

    Application may abuse the framework's foreground service to continue running in the foreground.

  • Schedules tasks to execute at a specified time 1 TTPs 1 IoCs

    Application may abuse the framework's APIs to perform task scheduling for initial or recurring execution of malicious code.

Processes

  • build.ledear.lycds
    • Makes use of the framework's Accessibility service
    • Acquires the wake lock
    • Makes use of the framework's foreground persistence service
    • Schedules tasks to execute at a specified time
    PID:4597

Network

  • flag-us
    DNS
    android.apis.google.com
    Remote address:
    1.1.1.1:53
    Request
    android.apis.google.com
    IN A
    Response
    android.apis.google.com
    IN CNAME
    clients.l.google.com
    clients.l.google.com
    IN A
    142.250.178.14
  • flag-us
    DNS
    www.youtube.com
    Remote address:
    1.1.1.1:53
    Request
    www.youtube.com
    IN A
    Response
    www.youtube.com
    IN CNAME
    youtube-ui.l.google.com
    youtube-ui.l.google.com
    IN A
    142.250.179.238
    youtube-ui.l.google.com
    IN A
    216.58.213.14
    youtube-ui.l.google.com
    IN A
    216.58.212.206
    youtube-ui.l.google.com
    IN A
    142.250.178.14
    youtube-ui.l.google.com
    IN A
    172.217.16.238
    youtube-ui.l.google.com
    IN A
    142.250.200.46
    youtube-ui.l.google.com
    IN A
    142.250.180.14
    youtube-ui.l.google.com
    IN A
    142.250.187.238
    youtube-ui.l.google.com
    IN A
    172.217.169.14
    youtube-ui.l.google.com
    IN A
    216.58.201.110
    youtube-ui.l.google.com
    IN A
    142.250.200.14
    youtube-ui.l.google.com
    IN A
    142.250.187.206
    youtube-ui.l.google.com
    IN A
    216.58.204.78
    youtube-ui.l.google.com
    IN A
    216.58.212.238
    youtube-ui.l.google.com
    IN A
    172.217.169.46
  • flag-us
    DNS
    www.google.com
    Remote address:
    1.1.1.1:53
    Request
    www.google.com
    IN A
    Response
    www.google.com
    IN A
    142.250.178.4
  • 142.250.200.46:443
    tls, https
    695 B
    40 B
    1
    1
  • 142.250.200.46:443
    android.apis.google.com
    tls
    1.1kB
    4.5kB
    9
    7
  • 142.250.200.46:443
    android.apis.google.com
    tls
    3.7kB
    6.8kB
    16
    14
  • 142.250.178.14:443
    android.apis.google.com
    tls
    2.6kB
    6.2kB
    12
    11
  • 142.250.179.238:443
    www.youtube.com
    tls
    2.0kB
    8.2kB
    16
    13
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 91.214.78.180:4444
    360 B
    6
  • 91.214.78.180:4444
    360 B
    6
  • 91.214.78.180:4444
    300 B
    5
  • 142.250.178.4:443
    www.google.com
    tls
    1.4kB
    5.4kB
    11
    10
  • 142.250.187.193:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 216.58.204.65:443
    tls
    135 B
    40 B
    2
    1
  • 216.239.32.223:443
    tls, https
    128 B
    40 B
    2
    1
  • 224.0.0.251:5353
    3.8kB
    12
  • 1.1.1.1:53
    android.apis.google.com
    dns
    69 B
    109 B
    1
    1

    DNS Request

    android.apis.google.com

    DNS Response

    142.250.178.14

  • 1.1.1.1:53
    www.youtube.com
    dns
    61 B
    335 B
    1
    1

    DNS Request

    www.youtube.com

    DNS Response

    142.250.179.238
    216.58.213.14
    216.58.212.206
    142.250.178.14
    172.217.16.238
    142.250.200.46
    142.250.180.14
    142.250.187.238
    172.217.169.14
    216.58.201.110
    142.250.200.14
    142.250.187.206
    216.58.204.78
    216.58.212.238
    172.217.169.46

  • 142.250.179.238:443
    www.youtube.com
    https
    1.4kB
    54 B
    1
    1
  • 1.1.1.1:53
    www.google.com
    dns
    60 B
    76 B
    1
    1

    DNS Request

    www.google.com

    DNS Response

    142.250.178.4

MITRE ATT&CK Mobile v15

Downloads

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

    Filesize

    13B

    MD5

    de2c41a51ee9246eb1708f65b511add0

    SHA1

    2f442d634c8a18760a232c8829d4b5d74a52f074

    SHA256

    ad2d914ca347cd1930e32f21c6d5448c34104bea181b93abc85ec518985653ab

    SHA512

    7cdfbd001594503644e9ed80ae852f90ef9e841a8382e2eec6979e149a2c400a3b83055d205b4d1d66e1600e5127482932d5127eb5800d35a4ee5673fe34d84a

  • /storage/emulated/0/Config/sys/apps/log/log-2024-11-10.txt

    Filesize

    33B

    MD5

    4a6d8d7e309a7e0e57c43858d5808666

    SHA1

    bcfefe9407b9b1464b3fdc5c2daf4d28006e31e8

    SHA256

    1d3b3b700fb12533276cb469bd75ec44f6a5b6f6eb238824a8151e9286931460

    SHA512

    65d414fc07d6b46a03c0dc2d513189a4ab29f87517086068eae5ca45dde0b4d61453edb89f2c123dd579945f0294451dc0d74d2a66652ee424e54356480faeb7
