6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1

Resubmissions

02-04-2024 06:55

240402-hp2xvaad7v 10

24-11-2022 08:04

221124-jybmpaad66 7

Analysis

max time kernel
38s
max time network
47s
platform
android_x64
resource
android-33-x64-arm64-20240229-en
resource tags

androidarch:arm64arch:x64image:android-33-x64-arm64-20240229-enlocale:en-usos:android-13-x64system
submitted
02-04-2024 06:55

Sharing

Copy URL

Twitter E-mail

Reason

exit status 1: "{\"level\":\"fatal\",\"error\":\"emulator exited with error: signal: segmentation fault\\nWARNING | userdata partition is resized from 6 M to 16384 M\\nERROR | resizing partition e2fsck failed with exit code 8\\nWARNING | cannot add library /opt/android-sdk-linux/emulator/qemu/linux-x86_64/lib64/vulkan/libvulkan.so: failed\\nWARNING | Requested adb port (28012) is outside the recommended range [5555,5586]. ADB may not function properly for the emulator. See -help-port for details.\",\"time\":\"2024-04-02T06:56:33Z\",\"message\":\"Execution error\"}"

Report Analysis Logs

General

Target

SharkBot (15).apk
Size

14.9MB
MD5

cfe82625d3db2378994554ef7a2eba2b
SHA1

e511c4d99bfe0f8b47c32ea0c88b9d1024fbbd61
SHA256

6f1eb9c21b026eecfd65459ec4cffe3954d24619010741e18722108d7bacf3d1
SHA512

8742aab0ed45a1bc307a715d478acd7f6a37feb0029d4988496d27116c1907495476b4dfc98a997d0d3ae82971e44a20d2677861c0bede98c5806f2b2b78e27f
SSDEEP

393216:RPI3MBmacX7X52NWdXJq2TN51XIwUpObrfum7X9:RPIiqgY5xSOLX9

Score

7^/10

evasion persistence

Malware Config

Signatures

Loads dropped Dex/Jar 1 TTPs 5 IoCs

Runs executable file dropped to the device during analysis.

evasion

Download New Code at Runtime

T1407

Processes:

com.sidalistudio.developer.app

ioc	pid	process
/system_ext/framework/androidx.window.extensions.jar	4318	com.sidalistudio.developer.app
/system_ext/framework/androidx.window.extensions.jar	4318	com.sidalistudio.developer.app
/system_ext/framework/androidx.window.sidecar.jar	4318	com.sidalistudio.developer.app
/system_ext/framework/androidx.window.sidecar.jar	4318	com.sidalistudio.developer.app
/data/user/0/com.sidalistudio.developer.app/cache/1664557424545.jar	4318	com.sidalistudio.developer.app

Makes use of the framework's foreground persistence service 1 TTPs 1 IoCs
Application may abuse the framework's foreground service to continue running in the foreground.
evasion persistence

Foreground Persistence
T1541

Processes:

com.sidalistudio.developer.app

description ioc process

Framework service call android.app.IActivityManager.setServiceForeground com.sidalistudio.developer.app
Uses Crypto APIs (Might try to encrypt user data) 1 IoCs

Processes:

com.sidalistudio.developer.app

description ioc process

Framework API call javax.crypto.Cipher.doFinal com.sidalistudio.developer.app

description	ioc	process
Framework service call	android.app.IActivityManager.setServiceForeground	com.sidalistudio.developer.app

description	ioc	process
Framework API call	javax.crypto.Cipher.doFinal	com.sidalistudio.developer.app

com.sidalistudio.developer.app
1⤵
- Loads dropped Dex/Jar
- Makes use of the framework's foreground persistence service
- Uses Crypto APIs (Might try to encrypt user data)
PID:4318

Network

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

T1541

Privilege Escalation

Defense Evasion

Download New Code at Runtime

T1407

Foreground Persistence

T1541

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/data/data/com.sidalistudio.developer.app/cache/1664557424545.jar

Filesize
10KB

MD5
dfb68e70e8eb84d844c9ce623ee069c1

SHA1
369e761858a904fe9fb89efcfc9bd3e6e56ee44f

SHA256
8ba015cb192f34326e6a46f765c6712d87c3797661541275c84b9a30ee449eec

SHA512
0d5f8ff91d3cd5c976cadf774b8d5cd6f276793b9eb9f3d8e7168eae122b0bfcffd833be9762de441d4b52f7bb3eb3850479aea37ac327be9b71910c6fdc566a

Download Submit
/data/data/com.sidalistudio.developer.app/cache/oat/x86_64/1664557424545.vdex

Filesize
948B

MD5
480d07e0214aeb0d51a0d29f6f0a6a22

SHA1
bb1a0580bf436ffe93d91756a9e2e646e449be9f

SHA256
e9e16898bfb89b40c3e9972f977730473d9b45ed0fdc5cbf868ff0e71f064290

SHA512
31c58c4bbeb49cc1ca7c705b829c55b50d980e9248277f9c96f1602fb1e6be8e7e3d3add5d3b002d28015822dc277e21905eec9dcc5685567c36e5ab97444171

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db

Filesize
16KB

MD5
da4c81d9a032121236a4ed034c0cc9d9

SHA1
6ea1d3d14a34c4dbe056fc4380747d3970cb3498

SHA256
30b7dde5771b5ef3cb6cd033fa2b1618a0674f41f47c1441855f3da24887a0ff

SHA512
e61d8e6af3d48cc6e95e34568209bc24308db9d751dd1451538907df0e7caa67e329c4615911b0c6614275f3e5cfb2a8a38288f5818487c5d292c18dd857849f

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
52e3faa4f234dea3a36f8dd7ab893362

SHA1
206d1746c966200c07fb3c86612463611eb6a7cd

SHA256
f467d9aee14b498564222fb1631fde91bb92d6d6523c529b53da63564d868698

SHA512
75d16274c0d0e40cc1b5eb565f0e20aa42a22683685e73ef27eccb9fdbc9d4fbb689afaab0502d62b229c572a285c714968d5249cc0aa418711b7bd7fe90ec00

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
cbbb95d32f185c16d00816510157a640

SHA1
52185162f1d83558d254c1c08a6396239679df24

SHA256
d266d25633f24286803cb69e7da454a3d70f2b0bce3e3afa33ef86838bedb16d

SHA512
e49927028c6c356609d4292140776d13fb2de308fa20ca0676106b47212cd9ad55c766582ae47dff739a7b5c73f251d543348b478c00450e8f456563df6b6373

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db-journal

Filesize
512B

MD5
5f2c5d7125fb52a8d01794998e60bf24

SHA1
17405498307e6897c6199c74737b7e9236b33309

SHA256
8b6ac4f7a008314c944326f06c358b5e50dbab9d82fa254dcdd1a158e5ffd6a8

SHA512
fb71a6395be5249f6987326fee65239881588439388d93af6bfc1656ff1ee99343314e8f984a4782a50f70fa1834610f25d28a9e17eba5aa3cd01c1e2f29cde8

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db-journal

Filesize
8KB

MD5
db2834d47ba892cd489f690c781cd426

SHA1
8a453a1883063ff33622941c00f4a262ff9bc88c

SHA256
b71b64fd38aba0890e32b165b62e4bd08866775301e713875f0e90d278e9893e

SHA512
4cb254a95dc93387d7830380cf422d5579234425b4cff669fab450abcdadec7bf9a9167ec1cf28f5377e6a56fe0663abbfe8c228c746aa320186360d5671fad9

Download Submit
/data/data/com.sidalistudio.developer.app/databases/google_app_measurement_local.db-journal

Filesize
4KB

MD5
15036aa3d5a0b6c0b0f2a6799138b560

SHA1
c4bf50e86c9210e6303339d66f70a0c623ade416

SHA256
2b4eec0ea47ef93cb4bdafce7abd098e8923aacba0225d0032d3dcb8725456ad

SHA512
c48c57af23deeeeaffd41211c48e7856d292546466aa203ca06ef7ad5cac317ff41f0647645f26ef44203571beb635a9b32a7397269bc6568793e2548f2af01a

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb

Filesize
4KB

MD5
0eb157e1a86d4d00aa601dd2f6ff3ee3

SHA1
fee434f784e73cc7916322e949f727caf8363102

SHA256
b9a8194b71a046e8c0eb30995827b582b4bea834f630a5df2483b778a7d7d8a4

SHA512
b9b79b8c3af8a3f140df230fd89e95206358ba50ff214e7323a2dbbe2937b795f970e588302ffd5d721318bd597ce0a27af26d6cdb07f45569c30209845082a8

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-journal

Filesize
512B

MD5
cc373418cd1afbc6b2a3371df0730e63

SHA1
46f92a403a2526181d02c9c6c2f99d449b1ccd8c

SHA256
37c67ad50a0cce122705f511c0951e7a22a73ec812e5bc29d83f94ac20c38ebd

SHA512
41115084083f7860df4367394cd2ddb4f08757786b902454f3785ad86c2248c41ce4c238a949bbde7bdc2d5c32c295167f424f9cba477aa79dad4e2002df249e

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-shm

Filesize
32KB

MD5
bb7df04e1b0a2570657527a7e108ae23

SHA1
5188431849b4613152fd7bdba6a3ff0a4fd6424b

SHA256
c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479

SHA512
768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
16KB

MD5
6b1a82ff35d61f200cfc4f4f1185bed6

SHA1
da5bf48064d98309c3d3e0a04a57f2c5abbb74dd

SHA256
15c3a5e0aa337ca41b91d23070d4c1759ae57026ef9018e79e48955627e15c67

SHA512
6e6d71cfe6d932b879cfa9e544d15f8f35c453358d5ab87471a430f645c71a569e354d409e131be7baa525be8ee5b40b49136482249ba545cf1289bbd4223cd2

Download Submit
/data/data/com.sidalistudio.developer.app/no_backup/androidx.work.workdb-wal

Filesize
108KB

MD5
07875a10473de2a31109a36c1cb86608

SHA1
e5ac9dbcf6844087d4c28f104e2cb49e821c9a0a

SHA256
0ed8ef193ff7f95702c3aa8690c0b80044403a38f110a8f059b18fe8fcf127d0

SHA512
e5289e90ed75463b0a3dd24f6de051359d0d8260f14920ca258faf3b0997928840fdee674b7ae04bf2b3a64528ce8270d722e21d7b88f2cff1dd38fc06edb8f7

Download Submit
/data/user/0/com.sidalistudio.developer.app/cache/1664557424545.jar

Filesize
21KB

MD5
722310b17c81cc3d780d23e1a63eb450

SHA1
0a0c1a939f923570e5da88aa5c7b105052f056e3

SHA256
9f2d7ff525ca785553557c351812252c0beface31440517e2f19929fe76472b1

SHA512
1a48e9383a0befb0c6b4755a8b56f352fba317910308f701e13ce8189c465cade6b0af510165d586745f1913a61cc68f91395949202394336a59c34596691a91

Download Submit
/system_ext/framework/androidx.window.extensions.jar

Filesize
123KB

MD5
3056e1bdb7d4e19789d0319eff484bd0

SHA1
6791ae47aa9466fe0bca27ad6643f846853bbee4

SHA256
8e6331a07c9f2ac139214c527dcaff2c82d126bbe7bd3420cdc36d6a8c9204b0

SHA512
c790980fd68d9f89e32743bc28846807d5e5947c555f494de47714dec5cbd0c08d81c3260fa463759d1b17a953af3c44ec30b14fb08bf6b29db3837346c9f658

Download Submit
/system_ext/framework/androidx.window.sidecar.jar

Filesize
25KB

MD5
29469324e59dfcc052f24b5af4e7b2c4

SHA1
10c1e17ac6f598037bb51baa07945663645de4eb

SHA256
9195dc6a1c75a841384050240dfc972e48178964993fba6619788625f4b40d1a

SHA512
5e27c2b1431369a248298f2f749136a575005584f9999f2a4c204a0c47adce2e33c8df9f058bdafa1bde1c99e46d175560cedfcddcd8581718ed1d9973c37cc2

Download Submit