Analysis Overview
SHA256
4b218d945ca4da4a2501a5eb99ab925f668df060cdcd45a9fbe419c799a5d789
Threat Level: Known bad
The file 2nr premium signed.apk was found to be: Known bad.
Malicious Activity Summary
Spynote family
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-05-12 05:43
Signatures
Spynote family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-05-12 05:42
Reported
2023-05-12 05:43
Platform
android-x64-arm64-20220823-en
Max time kernel
243032s
Max time network
19s
Command Line
Signatures
Processes
pl.rs.sip.softphone.newapp
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| NL | 142.250.179.142:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| US | 1.1.1.1:53 | infinitedata-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | firebase-settings.crashlytics.com | udp |
| US | 1.1.1.1:53 | graph.facebook.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.39.104:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
Files
/data/user/0/pl.rs.sip.softphone.newapp/databases/com.google.android.datatransport.events
| MD5 | 5382bdf6748af0d14697c252bc87234f |
| SHA1 | 82371a4f47830c03387c2e52ed744d92b7c957e6 |
| SHA256 | fdfbf95021fc955bc14c092c9061ea3af8863f93aa2102bae7e0b0f11d8e27c3 |
| SHA512 | 7b22feb2141ac61260899f6951a4c30358a8d546a20641456c3d26c85551ceecf07184c36f0cfab1cf79fdf2a20728bfa92dee0def469559d2f31c877aeb7b9e |
/data/user/0/pl.rs.sip.softphone.newapp/no_backup/com.google.android.gms.appid-no-backup
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/files/generatefid.lock
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/databases/com.google.android.datatransport.events-journal
| MD5 | b633999e79e00e15c83799bdd1d24aef |
| SHA1 | 691648759a649df73174c3a86ef70191f8260994 |
| SHA256 | 81036b4e3045aeb23d441ef281b53b59ace53ecc7ff9d771a7e53a80ac4f9536 |
| SHA512 | 1efeaae22e81c95b2ea77257d81f83d256726855ee2c7aa5f70033b44b9d1301a8170486668b603374c3d886c73e351a0f5b70075e7d692dad8cc828a72ebba5 |
/data/user/0/pl.rs.sip.softphone.newapp/files/PersistedInstallation1570695925334085076tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.firebase.messaging.xml
| MD5 | d6b32b6f7842c43a69d96e6bbc0f951e |
| SHA1 | f09a77cc001d93e3386c5cd436a79ee29a46da6f |
| SHA256 | 5d262a249d4523aa6285643f3e7d110697e3aa653bf68909d3a56f4fad151a75 |
| SHA512 | e15f4e2d36a163ee62904a7d8e07ff792adde9992607f82b663df8047483283334eb2d7d6643aaca4395e11e9c1ffc51f8b3cad45b19922f31bdccdcd898ee56 |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDY2ODY4MzI1OTk4OmFuZHJvaWQ6MzVmZDdiYTFhMmExNDIyN2IzMzA3Zg.xml
| MD5 | 2c3a868870a628f9b37671d02352d3e6 |
| SHA1 | 18a734b96a57ee851c64ab0515e1ffb26069a2e0 |
| SHA256 | 313ca2a551844388fe50d580f9e460d14f9af44d5a1b0ed143480fabeddcb617 |
| SHA512 | a532cc392eec6490bccbc485f01ef323c17eb59a5e08297981d8a9a4e5a590876f9cb52bacfe086f7e275d3f423db56ca7a9fa8e8eed9e7ca7449ef4cb68a72d |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.firebase.crashlytics.xml
| MD5 | af4763304a986d82c8145a9b6adc69bd |
| SHA1 | 0faa8a240a06c7afc6516e14a2ae4175908a9d46 |
| SHA256 | d5fc40884478dd8150a9fcb0b65b9cb722d9f637e8070a15642bdbd34ab22d6c |
| SHA512 | 3d0886fc3d69463561d1e3bd1d7f2b275de9d08ef7de52bcf9aecce10ecb110aef81b8cc3a78d1f97616c8077bcd7aa8900d13872465af476233994a5b185660 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/open-sessions/645DD1FE03D1000111BD7F716C04DFFC/report
| MD5 | 8ac4d89d5b6fcfe2fd24addc9b87b4f2 |
| SHA1 | a56967e2b2160e1fb32e50d9123ef732776c76d8 |
| SHA256 | 0b6712b1f00e97456a4b173abf5cb29261770fa91cda4b3adf436930c5f0209c |
| SHA512 | 5c332ea42fee3b192bdfc2998d7bd8452825f57025659f6395a9a06caeb273dc59fc927137ae6f111cda774296ae124dfd61ad58415f9cc745878e9be3b4705e |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/FirebaseHeartBeatW0RFRkFVTFRd+MToxMDY2ODY4MzI1OTk4OmFuZHJvaWQ6MzVmZDdiYTFhMmExNDIyN2IzMzA3Zg.xml
| MD5 | e6937e7ddf22c62ddba71ed4a6b21833 |
| SHA1 | f14513f8ee9cae21dea877ab7345017c72a071c3 |
| SHA256 | 77b74cf9ddcf9f2d1420e904db86b94af4012d62e24a97d71cdfdfa49af45d75 |
| SHA512 | 9f78eebe08eb059fec6f3b4a392d554b7380eb835d665d1a4bd4475370ccd0a258e41ccb5729420b89b84a5739d9e97331f304883ae34803e7aed9d081cb4710 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/open-sessions/645DD1FE03D1000111BD7F716C04DFFC/start-time
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 250b4caeba60ddf53228405750ba66ca |
| SHA1 | 422ab714feb34e9f3b4f1cbe669887bcd581ddb1 |
| SHA256 | 2478c97a377db9ce6a44977b4864a40af8b4f5e5c8f81892c424a608ddec911e |
| SHA512 | 373750c29942fef90281109b6025c398d0f4ac62b58a984a3651d09f8c016440bc40f6bd84fb6d40acf8e48a553d4c1d22e01a95c40a41567c079ba9a338afdb |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.facebook.sdk.appEventPreferences.xml
| MD5 | f19ad893e7ec55173f560c44cb561974 |
| SHA1 | 5071c59224c36a48e3272bcb8a467f77f43f0c52 |
| SHA256 | f76b8e79f1e8952445e59392645646ab3b2b855a982c6fe264ac9115263b9e89 |
| SHA512 | 19beb9c89dc9eb0c1ca5b1db754ed547031233e6952988fac4b8050a17511d6b218d5177a5eb3aba6dc0da64e2cb522ab3c151b8fe11d9c35f96918a486447ba |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.facebook.sdk.USER_SETTINGS.xml
| MD5 | 34d145a1f9d7290f517f621b0e5635bd |
| SHA1 | 89108d6cae8d351c53efb5b70991fea2deaa8e64 |
| SHA256 | 777b4dbcab9944d8855218bf93d3dad6bdb25c3666702a3f5ba8953f7752504e |
| SHA512 | ac5ed49d296110fac3ab4ff1fe5ec3c2ed13fd15452a86ea95a3132e7625c63342703dcc29b9a84fe4c49617cd647b48efa51f0a43267eebf1f996da88ebbfcb |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.facebook.sdk.appEventPreferences.xml
| MD5 | 1f85d23b62aa013a21c5acfc2f90e993 |
| SHA1 | 845e48f52a6aabf7cc1f32315908397ec5e68817 |
| SHA256 | f49a2b0bc313ac3c9068f6475e5228b499266dbdb9dc74ba08ed97f0ca78aa1a |
| SHA512 | c2786670182ca003316630ffedd9859c3845a49076d05992e0e1ca443287d3f596aa62c1e6a918623b9084a41a443df8e7cf561e6ed5ea307018848ab4a874a7 |
/data/user/0/pl.rs.sip.softphone.newapp/files/PersistedInstallation3956077538807441250tmp
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 1defbf724a2c7742b5cd7f6f65686a8a |
| SHA1 | 356c341ebab7af2e6ab3d7bfdfd354d59f922d88 |
| SHA256 | bdfd6f95033c556ab576b44af427c2da2a225ba59b5267e525a7940fe01fd844 |
| SHA512 | 1c1af40ad2b04f3abd6573ad61699376bd0ecaf9b1f1b4835d1ebfefad93091b8167d6e80b3ba04442036dbcf35d721908e3d71c2288e91eb464ceeaf1de4a83 |
/data/user/0/pl.rs.sip.softphone.newapp/databases/google_app_measurement_local.db
| MD5 | 8dfcfdcef5a9793fb83bda404ec3f42b |
| SHA1 | dd02caf5757e9fdaf184ab299c45e4c92ab3ae4b |
| SHA256 | a59674cc863d7e977b030c7047072dc4c6d5ada1257917574fe184d886042cd2 |
| SHA512 | e04d1892c052fc3766881d3f21e26961714e575766cb316bcada34cce49cf6e17eb26c3fbdee0038ed2c75da0a9cab99e0e3e78374be20ce2790cc0d0d9cd807 |
/data/user/0/pl.rs.sip.softphone.newapp/databases/google_app_measurement_local.db-journal
| MD5 | 4ae8e56f8d55dbe1c6c90d94b2b3efc0 |
| SHA1 | 7f66976868b808de9b08b31b3dc3bff2f52c76da |
| SHA256 | 83ff74393cd177e7e80a48a3f50352075782fbdfa382a8201de9a236ee8bff54 |
| SHA512 | 54edc96a315378178b25efa6518906f032bcf55fe9fa07bcdd601e254841c0b4ef38bfc8a83c1d2f6cba23cb484efd4a7b70ae9071d39e241244b8137004d7c4 |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 55bd4a23976a5e0362cdfb77f4abb9c5 |
| SHA1 | 410d04bbbf615139eae2f32c4e52927d84635d07 |
| SHA256 | fb950c3739ac8cc2e34bf563a44024823d3d0cc5b308ca60521d967695d28d22 |
| SHA512 | 37646e2cb708474c825b612e6f19f61bfaea11bb4880e47186201914818265e0c0b9a0dd3a02edda11a7c882bfb49ebc4964b54bd41dd7fb8dc633ea2933331f |
/data/user/0/pl.rs.sip.softphone.newapp/shared_prefs/com.google.android.gms.measurement.prefs.xml
| MD5 | 151ec2b548d8c7c5a670877442e5dfe2 |
| SHA1 | ec6aa9a16ed6e0bd6282ff208439819ef759b445 |
| SHA256 | 5ef7db7ab2d24144ad0e993025f0ed31c47a5f8e0cf53519c3921dccce899f87 |
| SHA512 | 39801029e53eb17cf14e068f8dad3a96de71e64922c56efbcca54cd2d9644f8deccf18f2d73c558a16e3538d881f2c84687ac9cacfe41271add5e455c96355f0 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/crash_marker
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/open-sessions/645DD1FE03D1000111BD7F716C04DFFC/event0000000000_
| MD5 | 32312f44c4c1eddfc94c9c69279ee043 |
| SHA1 | eb65ce42f62c18cd7dbaaafb5e0071c5704c7095 |
| SHA256 | e7a4bb01ec3bcbb33f697b58c00a62a1d8f5e03565f33750c288193191005fcc |
| SHA512 | d48690605a45dfc9ea501c4c6cd436295dd5cc794aee6c5dc3b7922df11b97ef40c4a5ea6d34bdd5b9091e702c0d527286746354300fcdadafb90e4da252d0c8 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/.ae1683870208899
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/priority-reports/645DD1FE03D1000111BD7F716C04DFFC
| MD5 | da941d41e5278af3196fe33bc5da75c9 |
| SHA1 | 912a1c1ba5e9aec91c3c2bbe7d0250f2b952505d |
| SHA256 | 449f40c70a67ce56722d046fa59d3c6e8cb48672a745ebfc593f03d50be0e099 |
| SHA512 | d89b9b462f65e576f4273212a39550f2dcd3b0d59ee404a6e4d2983d9cbcd0a1a4b7f4fc453a8c74c61196fc85dc571735e60b8c87d11ad35a200e3a8f2ad744 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/open-sessions/645DD2010068000211BD7F716C04DFFC/report
| MD5 | 6f92fc307d447ab43f216cfc93ac14ef |
| SHA1 | e41b6502b9e138dfadd677bb4946e7ab09790e3b |
| SHA256 | 5107ff2037348bf5d75d00b811507a9fc47dd9d3143ca510db45f36f737d792f |
| SHA512 | 2a9759667cbc0fe3650c904306bf55f6141f7516f52eeb320b55e7448285065cc6093808ddd54a9273e0708672731c4e8dc44bd0d5a8dadd8a81fbe58af56d54 |
/data/user/0/pl.rs.sip.softphone.newapp/files/.com.google.firebase.crashlytics.files.v2:pl.rs.sip.softphone.newapp/open-sessions/645DD2010068000211BD7F716C04DFFC/start-time
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |