Analysis Overview
SHA256
4aa281c6840591127f3e01d89f0c5da4e17fb46132486a871c989c5025f04cac
Threat Level: Known bad
The file Hadise_Ifsa.apk was found to be: Known bad.
Malicious Activity Summary
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
Cerberus
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
Loads dropped Dex/Jar
Requests dangerous framework permissions
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2021-12-07 21:35
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2021-12-07 21:35
Reported
2021-12-07 21:50
Platform
android-x64
Max time network
17s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2021-12-07 21:35
Reported
2021-12-07 21:51
Platform
android-x64
Max time network
47s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2021-12-07 21:35
Reported
2021-12-07 21:52
Platform
android-x64
Max time kernel
2531405s
Max time network
95s
Command Line
Signatures
Cerberus
suricata: ET MALWARE Generic Request to gate.php Dotted-Quad
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.mind.rude/app_DynamicOptDex/jERuO.json | N/A | N/A |
| N/A | /data/user/0/com.mind.rude/app_DynamicOptDex/jERuO.json | N/A | N/A |
Reads information about phone network operator.
Listens for changes in the sensor environment (might be used to detect emulation).
| Description | Indicator | Process | Target |
| Framework API call | android.hardware.SensorManager.registerListener | N/A | N/A |
Processes
com.mind.rude
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:853 | tcp | |
| US | 51.81.186.22:80 | 51.81.186.22 | tcp |
| US | 216.239.35.0:123 | time.android.com | udp |
Files
/data/user/0/com.mind.rude/app_DynamicOptDex/jERuO.json
| MD5 | b38fa3ee1f65b2d1ae7ed3d53390cfe6 |
| SHA1 | 6b9164362519b18ea4a0b90a2263eda35344ddf7 |
| SHA256 | 82004d68c90f03287999315a5e8d3226b50331cb2a2dd1f390b8650139539c05 |
| SHA512 | 316399b909ce6d26e645a48d1f65985c94e8a970977ea4dc62eef4d276d34375f619ee4f38045f34f920e3f9a4dde621df293087a8f42724e8647bd43335b94d |
/data/user/0/com.mind.rude/app_DynamicOptDex/jERuO.json
| MD5 | b38fa3ee1f65b2d1ae7ed3d53390cfe6 |
| SHA1 | 6b9164362519b18ea4a0b90a2263eda35344ddf7 |
| SHA256 | 82004d68c90f03287999315a5e8d3226b50331cb2a2dd1f390b8650139539c05 |
| SHA512 | 316399b909ce6d26e645a48d1f65985c94e8a970977ea4dc62eef4d276d34375f619ee4f38045f34f920e3f9a4dde621df293087a8f42724e8647bd43335b94d |