Analysis Overview
SHA256
af26d6133f5729cfb029d129ca8bab77e9d7bb2903565ba2389f657e7d1e2a91
Threat Level: Known bad
The file magisk-delta-r65c0a20a-kitsune.apk was found to be: Known bad.
Malicious Activity Summary
Antidot family
Antidot payload
Requests dangerous framework permissions
Queries information about active data network
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-20 16:49
Signatures
Antidot family
Antidot payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-20 16:49
Reported
2024-12-20 16:51
Platform
android-x86-arm-20240624-en
Max time kernel
2s
Max time network
131s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/io.github.huskydg.magisk/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | a02364eb156d8a8bcc281f6133d013ed |
| SHA1 | a42918a07aac5cc8337647281cbdb987c5d20614 |
| SHA256 | 907c57ce1bf5d1286ff334868b7dd152f95e26854b22752524e64a5fcfaa3425 |
| SHA512 | 0a697c2622b67270c2fc95ef20db11723373681599cc668e845de2e639aa8d4e80bbfd8c3d13ebdf266af906f3add1fe1f8c42d986cc8c93dc51fae06d16c6c1 |
/data/data/io.github.huskydg.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 00afff76f2e66c6ee8e9ed73114be464 |
| SHA1 | 4f2acf7684adb47e2f160c53a69da8af85be66f3 |
| SHA256 | 35cb616f3f8abee98d3f33250132d7a4933438137247903104e7bbbbd9bc5112 |
| SHA512 | b6728217aabd1e62663ecc25a75812468d153f95d7e0294139e9e8d1ab116b3782dbb18423ba0f1fc4253bd998a251b5c9a746852c7bd75228053ed68c03e9ba |
/data/data/io.github.huskydg.magisk/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | ea5c80f0b488188057e9530df2e5439c |
| SHA1 | 1260d228d68c9b4df77f90248beac06e89fbffd3 |
| SHA256 | e44a7072d6b505c6877ca6dd85432ecc0af4becbe2adb30b68eb8ebf1da805ac |
| SHA512 | 37970e182b80b18d3014f8af977994aa96ff4f6252da170388367d5cab17268d5d79a90e08867f63fde09bf7c36ae92114abd5213f4dc7ba2f3a95a12b1ece74 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-12-20 16:49
Reported
2024-12-20 16:51
Platform
android-x64-20240624-en
Max time kernel
2s
Max time network
147s
Command Line
Signatures
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 172.217.16.238:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/io.github.huskydg.magisk/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | a02364eb156d8a8bcc281f6133d013ed |
| SHA1 | a42918a07aac5cc8337647281cbdb987c5d20614 |
| SHA256 | 907c57ce1bf5d1286ff334868b7dd152f95e26854b22752524e64a5fcfaa3425 |
| SHA512 | 0a697c2622b67270c2fc95ef20db11723373681599cc668e845de2e639aa8d4e80bbfd8c3d13ebdf266af906f3add1fe1f8c42d986cc8c93dc51fae06d16c6c1 |
/data/data/io.github.huskydg.magisk/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 5244bba935c014bd97c41bf95940188c |
| SHA1 | a81a4ba7d6c06fac53f3c84fd36040bbd5e96ab4 |
| SHA256 | d98a5b9482ecd524cd31a04da5c01fa2575457486a5fb653dadfedd3b63a16ac |
| SHA512 | 76bf6a095bf69aea85f97d589ff2f0eabec4b48822460c9df5e56a486f92fcabb1a6b4de15f32fcad4bf0e0f068baa81670e509b2f35d7b36152a452e0ad45a8 |
/data/data/io.github.huskydg.magisk/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | f688e10ce9cf6d2c32d95f8c0b11d8b1 |
| SHA1 | 2d4a00d4b43f6fa0446ed638ab78ec4b5bc1c138 |
| SHA256 | 39c83ba2c9e4de022cda5314ff9ab089ce15bc259231d3d131e8deeccbdd1de7 |
| SHA512 | acc81ff1c4f56f0591665d22b42f12b1172b586843869043fc2aaafd2aeb193f4815e096376ca2693aa28f5549a8589aedac8186ba24906c687731e29e2bcd34 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-12-20 16:49
Reported
2024-12-20 16:51
Platform
android-x86-arm-20240624-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.202:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.109.153:443 | huskydg.github.io | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.106:443 | semanticlocation-pa.googleapis.com | tcp |
Files
/data/data/io.github.huskydg.magisk/code_cache/res.apk
| Hash | Value |
| --- | --- |
| MD5 | e8279715dc245a7d6cdf9fc674949454 |
| SHA1 | 23834b4f917a0849e176e61542d2a98911b925a1 |
| SHA256 | 1e7bf7405c3fee7910b48068befd76ea5a9d40bd5e5534b77a982b55b3657a92 |
| SHA512 | 978f5cf3b1fbaf00c83731075ec3a171f1962a1c9baed264b6126f3ba3c6d87293c71df03f36a598df1cf5f636ce31f883adab7a92a1821fa6d8f7976efa87b3 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-12-20 16:49
Reported
2024-12-20 16:51
Platform
android-x64-20240910-en
Max time kernel
5s
Max time network
152s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to request installing packages. | android.permission.REQUEST_INSTALL_PACKAGES | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.108.153:443 | huskydg.github.io | tcp |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
Files
/data/data/io.github.huskydg.magisk/code_cache/res.apk
| Hash | Value |
| --- | --- |
| MD5 | ca1584a81fba70c375e192c4eca65ae7 |
| SHA1 | 71c645a657c06a8aed1498cad1c6bc8327b3dff0 |
| SHA256 | ae8765429231906ce35c3b6d0d10974dd55c768e08cb4b11338db8935a31e741 |
| SHA512 | 468f5394f87ff3fe47e49d5a7e0bd6f2badb072b21ef31d4e2010f5b060886b52ea3406966107fabbbca88291cb60e7c19569195830f218afd5a9e751ff98799 |
Analysis: behavioral5
Detonation Overview
Submitted
2024-12-20 16:49
Reported
2024-12-20 16:51
Platform
android-x64-arm64-20240910-en
Max time kernel
5s
Max time network
150s
Command Line
Signatures
Queries information about active data network
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Processes
io.github.huskydg.magisk
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | huskydg.github.io | udp |
| US | 185.199.110.153:443 | huskydg.github.io | tcp |
| US | 216.239.32.223:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.193:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |
| GB | 216.58.204.65:443 | | tcp |
| US | 216.239.32.223:443 | | tcp |