6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1

Resubmissions

02-04-2024 06:55

240402-hp2xvaad7v 10

24-11-2022 08:04

221124-jybmpaad66 7

Analysis

max time kernel
304s
max time network
305s
platform
android_x64
resource
android-x64-20240221-en
resource tags

androidarch:x64arch:x86image:android-x64-20240221-enlocale:en-usos:android-10-x64system
submitted
02-04-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SharkBot (15).apk
Size

14.9MB
MD5

cfe82625d3db2378994554ef7a2eba2b
SHA1

e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
SHA256

6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
SHA512

8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
SSDEEP

393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

Score

7^/10

evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.sidalistudio.developer.app

ioc pid process

/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar 5097 com.sidalistudio.developer.app
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.sidalistudio.developer.app

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.sidalistudio.developer.app
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.sidalistudio.developer.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sidalistudio.developer.app

ioc	pid	process
/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar	5097	com.sidalistudio.developer.app

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.sidalistudio.developer.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sidalistudio.developer.app

com.sidalistudio.developer.app
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:5097

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sidalistudio.developer.app/cache/1616432909849.jar

Filesize
9KB

MD5
2c84bc0c28d4ac333d267f7a152b4039

SHA1
49e67f04004587ae351d5aba4da5f18644746864

SHA256
1eea5584eb2332554753b4beec7fe8e972bfb3eeadbe0c05dba33de267f25a00

SHA512
44ab6c390cac8b11bf43097293ef73bb620b1466fd671a945639198ea10dea425a0c9443b47752cc0a6689a6f5a7661b35f7a8a350ffcba30a72be60d5f18abd

Download Submit
/data/data/com.sidalistudio.developer.app/cache/oat/1616432909849.jar.cur.prof

Filesize
156B

MD5
ffde861426724406b59909e7068cd537

SHA1
db04489203364be99322f94cd88940172b495265

SHA256
87bd48eed156e52b8cdbb42fa9a1f0cfb2d3071bcbd3f8e55760f1f51e146489

SHA512
479706b6870d1d543904af25ab440ea8bbbc5df64f04ef6ef9e17a8a266fdd516b1ed1c7ff6fd977030e8cce6be60f6d900e800371d9230e6aa6e1237967c7ca

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb

Filesize
4KB

MD5
f2b4b0190b9f384ca885f0c8c9b14700

SHA1
934ff2646757b5b6e7f20f6a0aa76c7f995d9361

SHA256
0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514

SHA512
ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
081efc6674581560953d112d1853da0f

SHA1
a56d67e8cce8958d5cc81cdfab21c79ab0b5f044

SHA256
7c9d4f16e3b32f1c7b80a2181db141625f976bac0ebbe62185cd8ab8083a8df5

SHA512
1b95e31c994d98b3c7676604c681c23110b0969ca55eda691db87e79ddfa16a8ee42db35d2667f4838fdbce26c5dcaf3dd099c6dedff2cacb370f469399f1d51

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
38edff241602cdc59f267317a860e6dd

SHA1
9a38945a315515e3d882fc5a5e9d59e9eba3924d

SHA256
a908323bb327a69cd51c8611cda39a46ab4132a90f22cc9cdad302dd9d9de838

SHA512
2cc9eeac4a9a8af8b307de0f9a58c4d67ccc0b67bb884d393bbe35b664e4a1790186253d5422dca88957774f94a838ec9ccfcf863f8ad7a100e3d0928c6cf612

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
d8295b06aa39abe626f2c49ff97ee2ce

SHA1
6c44bdd0ebf8c4178f39a2124875a0e7de600e7f

SHA256
17cf2fa97ac90f898192fcabd9ad90329a8c1096cf48c381fa0fa30c658b52c3

SHA512
d7dd17f951e7f501af0a0e6c52f3f4cbd0401762a61290cb865dc429acfd92fb03cd4052448d30f085e44810550a20211868f3572dae8eb2f91238af10740d1a

Download Submit
/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar

Filesize
21KB

MD5
86ce3683020b3f28f4110aac9c769ff7

SHA1
876e0686440524927639a4797b2f13b12a26ce4a

SHA256
be852340e03b169a28811d1ff41582d19638d9fc0540f237ecb960c45bd07071

SHA512
04d03a9963ba49adf5d0d26a21b57e85e21416fcc3d479ce7522149d45f5ab630ff78e590e724695fe29850b08b4dccfa5051daf5d4e4afd9384f7183f887ddc

Download Submit