6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1

Resubmissions

02-04-2024 06:55

240402-hp2xvaad7v 10

24-11-2022 08:04

221124-jybmpaad66 7

Analysis

max time kernel
46s
max time network
311s
platform
android_x64
resource
android-x64-arm64-20240221-en
resource tags

androidarch:armarch:arm64arch:x64arch:x86image:android-x64-arm64-20240221-enlocale:en-usos:android-11-x64system
submitted
02-04-2024 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SharkBot (15).apk
Size

14.9MB
MD5

cfe82625d3db2378994554ef7a2eba2b
SHA1

e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
SHA256

6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
SHA512

8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
SSDEEP

393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

Score

7^/10

evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
evasion

Download New Code at Runtime
T1407

Processes:

com.sidalistudio.developer.app

ioc pid process

/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar 4577 com.sidalistudio.developer.app
Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.sidalistudio.developer.app

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.sidalistudio.developer.app
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.sidalistudio.developer.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sidalistudio.developer.app

ioc	pid	process
/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar	4577	com.sidalistudio.developer.app

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.sidalistudio.developer.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sidalistudio.developer.app

com.sidalistudio.developer.app
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4577

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sidalistudio.developer.app/cache/1616432909849.jar

Filesize
9KB

MD5
2c84bc0c28d4ac333d267f7a152b4039

SHA1
49e67f04004587ae351d5aba4da5f18644746864

SHA256
1eea5584eb2332554753b4beec7fe8e972bfb3eeadbe0c05dba33de267f25a00

SHA512
44ab6c390cac8b11bf43097293ef73bb620b1466fd671a945639198ea10dea425a0c9443b47752cc0a6689a6f5a7661b35f7a8a350ffcba30a72be60d5f18abd

Download Submit
/data/data/com.sidalistudio.developer.app/cache/oat/1616432909849.jar.cur.prof

Filesize
144B

MD5
6fab7801a51031b5f67ee28c10035fa2

SHA1
bf2d589dab6e6924e59e51bebdc6677918daa99c

SHA256
b3541c50bc7286db1f20253007ae6fd4b7f374e89e371298a7006116c7352fcb

SHA512
d4190ca1a305109386921781d69d10725a894b1e52728daecc125cfc0ea2e5ab840698d62e0c41fb1f16de2bcad6088b386a11630407f39b235ce98f1c648034

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb

Filesize
4KB

MD5
7e858c4054eb00fcddc653a04e5cd1c6

SHA1
2e056bf31a8d78df136f02a62afeeca77f4faccf

SHA256
9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad

SHA512
d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
0196139d04f3fa43a986f0096655b11c

SHA1
1a2f764bd0a3dd11a24f7bb10ff10dd73b7e331f

SHA256
d0d9bc20d84b39d0e0e612751bfbfa3beb7aace64cc84408c2f747e34934a592

SHA512
f76a5ea65c8ee6d3774a726f509f8b06c36760630bce4906182347bd04b38046dd9d02fddcf61147fefbf4104791b10fdfe8772885cc20b084cff8bc77f54a3f

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6bf06dca777e858c85bb9a3cd1b59dfc

SHA1
399faf0d349bae5977a4957e6a069b10c1e09b20

SHA256
35e97e83f6d0ccab988dcd713e3b2ec24638a58fac980f440b7e336a1cbfaf54

SHA512
a1fa9fcbda7f290b5a0271f99138e4f7ea9e1ce6a3701a6e1d4f8f87bacadd5aa4faab9f93223167db669b218dbffe5237fae6895da7411f8045f4e3d8489851

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
84092fcb5a296c4d1b266441da8d8f9e

SHA1
d9a325650746c4963bec84d7f3d433441c486c69

SHA256
e5ae665f11971fb81d664bd686b2260aae37c541cbc5490b9975e8e16f7bd066

SHA512
01b6df1253f497ee243d302e1d94ae11a2d48fa3def18f70dd8defc1ba4e9d49d4365d691f515d42a9906c4b7a1afc834d376faffa4c04ac0b2c9aef8ee150a5

Download Submit
/data/user/0/com.sidalistudio.developer.app/cache/1616432909849.jar

Filesize
21KB

MD5
86ce3683020b3f28f4110aac9c769ff7

SHA1
876e0686440524927639a4797b2f13b12a26ce4a

SHA256
be852340e03b169a28811d1ff41582d19638d9fc0540f237ecb960c45bd07071

SHA512
04d03a9963ba49adf5d0d26a21b57e85e21416fcc3d479ce7522149d45f5ab630ff78e590e724695fe29850b08b4dccfa5051daf5d4e4afd9384f7183f887ddc

Download Submit