Analysis
max time kernel: 2079796s
platform: android_x86
resource: android-x86-arm
submitted: 13-10-2021 23:21
Static task: static1

Behavioral task: behavioral1
Sample: Porno_izle.apk
Resource: android-x86-arm
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Porno_izle.apk
Resource: android-x64-arm64
0 signatures
0 seconds
General
Target: Porno_izle.apk
Size: 2.7MB
MD5: d00c507fc93850d691e025b56724d91d
SHA1: a50258d4438d4a8272e7c0d8738440c29e34d71d
SHA256: 1df4a7de1532dd1787e9a8d488016323409ca8052b2afecf9855d864b6c9b315
SHA512: 1f508e2b08770fb0f240b2e02d194818f1a195a4bfdb72c0695f17d1690d3611724d8cd8c7642a9f3d034dccb026de7bb460d2aa8c5492091923f9bdb58c4ca4
Malware Config
Extracted
Family: cerberus
C2: http://161.97.75.127
Signatures

Loads dropped Dex/Jar (3 IoCs)
Runs executable file dropped to the device during analysis.
ioc | pid | Process
/data/user/0/com.wheat.seek/app_DynamicOptDex/Fkua.json | 4711 | com.wheat.seek
/data/user/0/com.wheat.seek/app_DynamicOptDex/Fkua.json | 4739 | /system/bin/dex2oat
/data/user/0/com.wheat.seek/app_DynamicOptDex/Fkua.json | 4711 | com.wheat.seek

Requests enabling of the accessibility settings. (1 IoCs)
description | ioc | Process
Intent action | android.settings.ACCESSIBILITY_SETTINGS | com.wheat.seek

Uses reflection (1 IoCs)
description | pid | Process
Invokes method android.content.pm.PackageManager.isInstantApp | 4711 | com.wheat.seek