Malware Analysis Report

2025-01-19 05:19

Sample ID 221029-k1anvaaba8
Target 6fc6cf09595331f0191f2b2bb86b3bf64b04dd6b02e3f342a308e1b59d1e0863
SHA256 6fc6cf09595331f0191f2b2bb86b3bf64b04dd6b02e3f342a308e1b59d1e0863
Score 7/10

Analysis Overview

Score 7/10

SHA256

6fc6cf09595331f0191f2b2bb86b3bf64b04dd6b02e3f342a308e1b59d1e0863

Threat Level: Shows suspicious behavior

The file 6fc6cf09595331f0191f2b2bb86b3bf64b04dd6b02e3f342a308e1b59d1e0863 was classified as: shows suspicious behavior.

Malicious Activity Summary

Acquires the wake lock.

Tries to add a device administrator.

Requests dangerous framework permissions.

Reads information about phone network operator.

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-10-29 09:03

Signatures

Requests dangerous framework permissions.

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. android.permission.CALL_PHONE N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-10-29 09:03

Reported

2022-10-29 13:15

Platform

android-x86-arm-20220823-en

Max time kernel

602001s

Max time network

130s

Command Line

com.fbsmanager.umgr

Signatures

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Tries to add a device administrator.

Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Reads information about phone network operator.

Processes

com.fbsmanager.umgr

Network

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-10-29 09:03

Reported

2022-10-29 13:15

Platform

android-x64-20220823-en

Max time kernel

601868s

Max time network

130s

Command Line

com.fbsmanager.umgr

Signatures

Reads information about phone network operator.

Processes

com.fbsmanager.umgr

Network

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2022-10-29 09:03

Reported

2022-10-29 13:15

Platform

android-x64-arm64-20220823-en

Max time kernel

602030s

Max time network

163s

Command Line

com.fbsmanager.umgr

Signatures

Acquires the wake lock.

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Tries to add a device administrator.

Description Indicator Process Target
Intent action android.app.action.ADD_DEVICE_ADMIN N/A N/A

Reads information about phone network operator.

Processes

com.fbsmanager.umgr

Network

Files

N/A