Malware Analysis Report

2025-01-19 05:44

Sample ID 211022-plhs5acebl
Target 30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.bin.sample.gz
SHA256 4d04c922d7d03c53e603ec4c155ce497a945d86c41f6747e3eed39e4e06d43b9
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

4d04c922d7d03c53e603ec4c155ce497a945d86c41f6747e3eed39e4e06d43b9

Threat Level: Shows suspicious behavior

The file 30937927e8891f8c0fd2c7b6be5fbc5a05011c34a7375e91aad384b82b9e6a67.bin.sample.gz was found to be: Shows suspicious behavior.

Malicious Activity Summary


Requests dangerous framework permissions

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-10-22 12:24

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-10-22 12:24

Reported

2021-10-22 12:26

Platform

android-x64

Max time network

47s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
US 1.1.1.1:853 tcp
US 172.217.168.202:80 play.googleapis.com tcp

Files

N/A