Analysis

  • max time kernel
    10s
  • max time network
    147s
  • platform
    android_x64
  • resource
    android-x64-20240221-en
  • resource tags

    android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
  • submitted
    07-03-2024 03:45

General

  • Target

    2eb4546ef8f173039501329088e7cf81.apk

  • Size

    1.7MB

  • MD5

    2eb4546ef8f173039501329088e7cf81

  • SHA1

    3d5fcfbcc0c6689e0f3a28483126c0348fd6793e

  • SHA256

    6260f500a0847ecebe34f4fcbe89cf5f9708669dabe7bb1dfa6ca0d2f3cbd107

  • SHA512

    d79a9ea31cc6a5377c32079b72d587a0dbe9578d65b462275bfd798ef9741d4751c5d960ae2da06644e6736f5bce07ce5727e11e4e465648723b108e3e7dc39e

  • SSDEEP

    49152:sGmzInM7lq0g+5zZEnZe7kdMg/Fb+xbHeG3q:gGMpawEZXRx+bq

Malware Config

Signatures

  • Removes its main activity from the application launcher (1 TTPs, 1 IoCs)
  • Reads the content of photos stored on the user's device. (1 TTPs, 1 IoCs)
  • Reads the content of the call log. (1 TTPs, 1 IoCs)
  • Acquires the wake lock (1 IoCs)
  • Looks up external IP address via web service (2 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.sas.seafkoagent.seafkoagent
    • Removes its main activity from the application launcher
    • Reads the content of photos stored on the user's device.
    • Reads the content of the call log.
    • Acquires the wake lock
    PID:5088

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db

    Filesize

    12KB

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/data/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB
