• MINOSS

  • Products

  • Services

  • Education

  • Company

  • Resources

    • Product inquiry

    Malicious APK extraction service using user behavior-based simulation techniques

    Product inquiry

    Overview

    GetAPK, developed in-house by Nurilab, utilizes is the first 'malicious APK extraction service' in Korea that can automatically extract malicious APKs associated with phishing sites by utilizing various analysis and attack techniques for phishing sites.

    * Patent Application - Methods, Devices, and Systems for Extracting and Managing Malicious Software from Phishing Sites (10-2023-0186668)

    How it works

    * When personal information input is required (Targeted phishing attacks) * When no personal information is required (general phishing attacks) Phishing Sites APK download requests Accessing phishing sites URL normalization Phishing site page analysis (hyperlink, script..) Phishing site vulnerabilityanalysis Phishing site attacks Download APK Extract and save APK features

    Key Features

    URL normalization
    • Preprocessing URLs for variants, newlines, special characters, and more
    • URL transformation and expansion
    • Redirect address extraction (extracting final destination URLs)
    Analyze phishing site source code
    • Analyzing the source code of phishing sites
    • Analyze URLs associated with APKs, including submit links, scripts, hyperlinks, etc.
    Download PathPattern Based APK
    • Leveraging user behavior-based simulation techniques
    • Download APK using the optimal extraction path pattern based on phishing site analysis results
    • Automatically learns and updates the corresponding extraction path pattern when the APK download is successful
    Download APKs exploiting security vulnerabilities
    • Analyzing the structure and security vulnerabilities of phishing sites
    • Optimized phishing site security vulnerability attacks and APK downloads
    APK safe storage and information extraction
    • Securely store APKs in a designated location after downloading
    • Extract and store various information for future APK analysis

    APK details

    GetAPK utilizes various analysis and attack techniques to forcefully extract malicious APK files associated with phishing sites. Once the malicious APK has been successfully downloaded, you can check the following details (for example)

    File name
    nisxxxx.apk
    Enter URL
    https://i01.h2pt.autos
    Final destination URL
    https://i01.h2pt.autos
    APK Extraction Path (Down Flow)
    https://i01.h2pt.autos -> https://i01.h2pt.autos/js/layer/skin/default/layer.css?v=3.0.1111FlowS -> https://i01.h2pt.autos/apk/nhis.apk
    File size
    9.51 MB (9971502 bytes)
    MD5
    27589cc30adbfe9d7028daf2c970110f
    SHA-1
    31942ac6408d9e67f8a6221e165b3733981c581a
    SHA-256
    b004f243458eb9e738dd62e1f242cb38b9091560ecc4755986fabaf7885c3b42
    Information from Virustotal Detection
    https://www.virustotal.com/gui/file/b004f243458eb9e738dd62e1f242cb38b9091560ecc4755986fabaf7885c3b42/detection
    App store registration
    Unregistered
    Certificate information
    Provide extractable certificate information
    C2 IP Address
    121.172.188.34

    Frequently asked questions and answers

    ■ What is a targeted phishing attack?

    ■ How does GetAPK provide its services?

    • Terms of use
    • Privacy Policy
    • (07228) #1305-#1306, 220, Yeongsin-ro, Yeongdeungpo-gu, Seoul, Republic of Korea (KnK Digital Tower)
    • CEO : Kei Choi, ChungHo Park
    • Rep : +82-2-2671-3344
    • Support1 : +82-2-2671-2888
    • Support2 : +82-2-2672-2888(CrowdStrike)
    • Fax : +82-2-2138-0909
    • Email : support@nurilab.com