Analysis
max time kernel: 10s
max time network: 147s
platform: android_x64
resource: android-x64-20240221-en
resource tags: android, arch:x64, arch:x86, image:android-x64-20240221-en, locale:en-us, os:android-10-x64, system
submitted: 07-03-2024 03:45
Static task: static1

Behavioral task: behavioral1
Sample: 2eb4546ef8f173039501329088e7cf81.apk
Resource: android-x86-arm-20240221-en

Behavioral task: behavioral2
Sample: 2eb4546ef8f173039501329088e7cf81.apk
Resource: android-x64-20240221-en

Behavioral task: behavioral3
Sample: 2eb4546ef8f173039501329088e7cf81.apk
Resource: android-x64-arm64-20240221-en
General
Target: 2eb4546ef8f173039501329088e7cf81.apk
Size: 1.7MB
MD5: 2eb4546ef8f173039501329088e7cf81
SHA1: 3d5fcfbcc0c6689e0f3a28483126c0348fd6793e
SHA256: 6260f500a0847ecebe34f4fcbe89cf5f9708669dabe7bb1dfa6ca0d2f3cbd107
SHA512: d79a9ea31cc6a5377c32079b72d587a0dbe9578d65b462275bfd798ef9741d4751c5d960ae2da06644e6736f5bce07ce5727e11e4e465648723b108e3e7dc39e
SSDEEP: 49152:sGmzInM7lq0g+5zZEnZe7kdMg/Fb+xbHeG3q:gGMpawEZXRx+bq
Malware Config
Signatures
pid: 5088
Process: com.sas.seafkoagent.seafkoagent

Reads the content of photos stored on the user's device. 1 TTPs, 1 IoCs
description: URI accessed for read
ioc: content://media/external/images/media
Process: com.sas.seafkoagent.seafkoagent

Reads the content of the call log. 1 TTPs, 1 IoCs
description: URI accessed for read
ioc: content://call_log/calls
Process: com.sas.seafkoagent.seafkoagent

Acquires the wake lock. 1 IoCs
description: Framework service call
ioc: android.os.IPowerManager.acquireWakeLock
Process: com.sas.seafkoagent.seafkoagent

Looks up external IP address via web service. 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow 6: ipinfo.io
flow 7: ipinfo.io
Processes
Network
MITRE ATT&CK Mobile v15
Downloads