Nurilab - GetAPK

Overview

GetAPK, developed in-house by Nurilab, utilizes is the first 'malicious APK extraction service' in Korea that can automatically extract malicious APKs associated with phishing sites by utilizing various analysis and attack techniques for phishing sites.

* Patent Application - Methods, Devices, and Systems for Extracting and Managing Malicious Software from Phishing Sites (10-2023-0186668)

Key Features

URL normalization

Preprocessing URLs for variants, newlines, special characters, and more
URL transformation and expansion
Redirect address extraction (extracting final destination URLs)

Analyze phishing site source code

Analyzing the source code of phishing sites
Analyze URLs associated with APKs, including submit links, scripts, hyperlinks, etc.

Download PathPattern Based APK

Leveraging user behavior-based simulation techniques
Download APK using the optimal extraction path pattern based on phishing site analysis results
Automatically learns and updates the corresponding extraction path pattern when the APK download is successful

Download APKs exploiting security vulnerabilities

Analyzing the structure and security vulnerabilities of phishing sites
Optimized phishing site security vulnerability attacks and APK downloads

APK safe storage and information extraction

Securely store APKs in a designated location after downloading
Extract and store various information for future APK analysis

APK details

GetAPK utilizes various analysis and attack techniques to forcefully extract malicious APK files associated with phishing sites. Once the malicious APK has been successfully downloaded, you can check the following details (for example)

File name

nisxxxx.apk

Enter URL

https://i01.h2pt.autos

Final destination URL

https://i01.h2pt.autos

APK Extraction Path (Down Flow)

https://i01.h2pt.autos -> https://i01.h2pt.autos/js/layer/skin/default/layer.css?v=3.0.1111FlowS -> https://i01.h2pt.autos/apk/nhis.apk

File size

9.51 MB (9971502 bytes)

MD5

27589cc30adbfe9d7028daf2c970110f

SHA-1

31942ac6408d9e67f8a6221e165b3733981c581a

SHA-256

b004f243458eb9e738dd62e1f242cb38b9091560ecc4755986fabaf7885c3b42

Information from Virustotal Detection

https://www.virustotal.com/gui/file/b004f243458eb9e738dd62e1f242cb38b9091560ecc4755986fabaf7885c3b42/detection

App store registration

Unregistered

Certificate information

Provide extractable certificate information

C2 IP Address

121.172.188.34

Frequently asked questions and answers

■ What is a targeted phishing attack?

■ How does GetAPK provide its services?

GetAPK utilizes various analysis and attack techniques for phishing sites to detect and automatically extract malicious APKs associated with phishing sites.

GetAPK can be deployed on-premise in the enterprise and provides a Rest API for quick and easy integration with various systems in the enterprise.

How we deliver	How it works
GetAPK Web Service (coming soon)	You can use various services such as downloading malicious APKs and extracting information by signing up for GetAPK.
On-Premise (built-in)	You can build an enterprise GetAPK service to integrate with systems that receive APKs, or you can extract and manage malicious APKs through an administrator-built GetAPK service.
Rest API	Even if you don't build a GetAPK service for your organization, you can still use GetAPK functionality by integrating with a variety of systems through the Rest API.

MINOSS

Products

Services

Education

Company

Reversing

Anti-Virus

URL/APK analysis

Contactless Solutions