Analysis

  • max time kernel
    10s
  • max time network
    144s
  • platform
    android_x64
  • resource
    android-x64-arm64-20240221-en
  • resource tags

    android arch:arm arch:arm64 arch:x64 arch:x86 image:android-x64-arm64-20240221-en locale:en-us os:android-11-x64 system
  • submitted
    07-03-2024 03:45

General

  • Target

    2eb4546ef8f173039501329088e7cf81.apk

  • Size

    1.7MB

  • MD5

    2eb4546ef8f173039501329088e7cf81

  • SHA1

    3d5fcfbcc0c6689e0f3a28483126c0348fd6793e

  • SHA256

    6260f500a0847ecebe34f4fcbe89cf5f9708669dabe7bb1dfa6ca0d2f3cbd107

  • SHA512

    d79a9ea31cc6a5377c32079b72d587a0dbe9578d65b462275bfd798ef9741d4751c5d960ae2da06644e6736f5bce07ce5727e11e4e465648723b108e3e7dc39e

  • SSDEEP

    49152:sGmzInM7lq0g+5zZEnZe7kdMg/Fb+xbHeG3q:gGMpawEZXRx+bq

Malware Config

Signatures

  • Removes its main activity from the application launcher 1 TTPs 1 IoCs
  • Reads the content of photos stored on the user's device. 1 TTPs 1 IoCs
  • Reads the content of the call log. 1 TTPs 1 IoCs
  • Acquires the wake lock 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

Processes

  • com.sas.seafkoagent.seafkoagent
    • Removes its main activity from the application launcher
    • Reads the content of photos stored on the user's device.
    • Reads the content of the call log.
    • Acquires the wake lock
    PID:4390

Network

MITRE ATT&CK Mobile v15

Downloads

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db

    Filesize

    16KB

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    512B

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB

  • /data/user/0/com.sas.seafkoagent.seafkoagent/databases/evernote_jobs.db-journal

    Filesize

    8KB
