Analysis
-
max time kernel
56s -
max time network
151s -
platform
android_x64 -
resource
android-x64-20240624-en -
resource tags
androidarch:x64arch:x86image:android-x64-20240624-enlocale:en-usos:android-10-x64system -
submitted
22-10-2024 13:27
Static task
static1
Behavioral task
behavioral1
Sample
a78eb5e01531b42d8380be1d6a507f10610c95557716bb2173b331f80e7d2d81.apk
Resource
android-x86-arm-20240624-en
Behavioral task
behavioral2
Sample
a78eb5e01531b42d8380be1d6a507f10610c95557716bb2173b331f80e7d2d81.apk
Resource
android-x64-20240624-en
Behavioral task
behavioral3
Sample
a78eb5e01531b42d8380be1d6a507f10610c95557716bb2173b331f80e7d2d81.apk
Resource
android-x64-arm64-20240624-en
General
-
Target
a78eb5e01531b42d8380be1d6a507f10610c95557716bb2173b331f80e7d2d81.apk
-
Size
1.7MB
-
MD5
7dd252bc7eb5a0f4af362b30a225b5ed
-
SHA1
e84bf0c991a22e3dff64231dc1508eeb9d1cbbf9
-
SHA256
a78eb5e01531b42d8380be1d6a507f10610c95557716bb2173b331f80e7d2d81
-
SHA512
1342e015fc81da1fe16dd0fd32bdba6919517053fdcc45e4857fb85f9d827b040d96a2c3d3c02581a10e2db3b9a0b6d51aa7f233a5ed61474f18f9493c517841
-
SSDEEP
49152:uUahGKVUaBL2zClijxscjgVunVrgyk/9ygYmhFuONYIc2biMQ7:uUaAKVUaBLfglgExgx9/1hFuONU2biM0
Malware Config
Extracted
cerberus
http://162.55.21.189
Signatures
-
pid Process 4997 com.share.seed -
Loads dropped Dex/Jar 1 TTPs 1 IoCs
Runs executable file dropped to the device during analysis.
ioc pid Process /data/user/0/com.share.seed/app_DynamicOptDex/PZST.json 4997 com.share.seed -
Makes use of the framework's Accessibility service 4 TTPs 2 IoCs
Retrieves information displayed on the phone screen using AccessibilityService.
description ioc Process Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId com.share.seed Framework service call android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId com.share.seed -
Obtains sensitive information copied to the device clipboard 2 TTPs 1 IoCs
Application may abuse the framework's APIs to obtain sensitive information copied to the device clipboard.
description ioc Process Framework service call android.content.IClipboard.addPrimaryClipChangedListener com.share.seed -
Queries the phone number (MSISDN for GSM devices) 1 TTPs
-
Performs UI accessibility actions on behalf of the user 1 TTPs 4 IoCs
Application may abuse the accessibility service to prevent their removal.
ioc Process android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.share.seed android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.share.seed android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.share.seed android.accessibilityservice.IAccessibilityServiceConnection.performGlobalAction com.share.seed -
Queries the mobile country code (MCC) 1 TTPs 1 IoCs
description ioc Process Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone com.share.seed -
Listens for changes in the sensor environment (might be used to detect emulation) 1 TTPs 1 IoCs
description ioc Process Framework API call android.hardware.SensorManager.registerListener com.share.seed -
Registers a broadcast receiver at runtime (usually for listening for system events) 1 TTPs 1 IoCs
description ioc Process Framework service call android.app.IActivityManager.registerReceiver com.share.seed -
Checks CPU information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/cpuinfo com.share.seed -
Checks memory information 2 TTPs 1 IoCs
description ioc Process File opened for read /proc/meminfo com.share.seed
Processes
-
com.share.seed1⤵
- Removes its main activity from the application launcher
- Loads dropped Dex/Jar
- Makes use of the framework's Accessibility service
- Obtains sensitive information copied to the device clipboard
- Performs UI accessibility actions on behalf of the user
- Queries the mobile country code (MCC)
- Listens for changes in the sensor environment (might be used to detect emulation)
- Registers a broadcast receiver at runtime (usually for listening for system events)
- Checks CPU information
- Checks memory information
PID:4997
Network
MITRE ATT&CK Mobile v15
Defense Evasion
Download New Code at Runtime
1Hide Artifacts
2Suppress Application Icon
1User Evasion
1Impair Defenses
1Prevent Application Removal
1Input Injection
1Virtualization/Sandbox Evasion
2System Checks
2Credential Access
Clipboard Data
1Input Capture
2GUI Input Capture
1Keylogging
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
63KB
MD5e55668923d7c9aec5e9e52268f37b14d
SHA10db9c06d230c7bc5fc32bf9bf7e284d10e1044b7
SHA256b72a3b59a5d38ddcdc50349a474a24b95baabac945165cf808c988c50d1494c9
SHA512ec1c90283003644156d5905a2727630baf148c8c920ddbb8ff3b0e6cb9a9f35bffb5af320fbf90c3483aa05b958481dce8ef2348117ab9406fc4a717bec41ac7
-
Filesize
63KB
MD5decebb743a92fe0a0acfdeca968c5d6c
SHA1d32c12030a200b5caf85a07c09dc063ad5431d44
SHA256a92ea079b1602ca7a43ca2048e16475c2832a1b9b98c9602d30779aff6fb3981
SHA512434557959be34d19c1c0b28a74d55c75aa44e97bab79fb55c03f66d29ae1856e78395976c27af6f3c1f4bf972753ab950339877ab7bb9c59cbfef4d77f2ad261
-
Filesize
189B
MD527f52cd95e90bb27f0557ddb456819c3
SHA14a4549809b3292692ec800b395f792b1b508320f
SHA256cf486e3294798fb9680ea040157f4570af2f53631cc36932c095373358e38952
SHA5122111c292e19f93e8d2167c6f88e0718afa498c1f0296a331fce3888c0925c626ee37d5165ac1609978c325a08bb7cd9f352d615c07fb8ae8d70153feb6040460
-
Filesize
124KB
MD5bf3a8b20950af2241e402aa6c819bcbf
SHA1fbe7196d34d9fff857087a88a95df291b02e52c1
SHA256307be83b576c86145b3783ac63ee9f0d99cd759510a8fa5d346bb6a65c8c47af
SHA51268ac1f6de65006b9725ab9272d2cdd320e2281c411a5d78d181cf58e343a19c9496ad770d0a9241e15be2fedf2340ed6bc6cd9feb5cdead3087ff1adcd5232b0