Analysis Overview
score
10/10
SHA256
0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8
Threat Level: Known bad
The file 0b72c22517fdefd4cf0466d8d4c634ca73b7667d378be688efe131af4ac3aed8_unpacked.zip was found to be: Known bad.
Malicious Activity Summary
Godfather family
Makes use of the framework's Accessibility service.
Requests dangerous framework permissions
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2023-11-22 16:15
Signatures
Godfather family
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-22 16:15
Reported
2023-11-22 16:35
Platform
android-x64-20231023.1-en
Max time kernel
4158828s
Max time network
72s
Command Line
com.rduzmauwns.jieliysagr
Signatures
Makes use of the framework's Accessibility service.
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByViewId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
com.rduzmauwns.jieliysagr
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| NL | 142.250.179.174:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | static.xx.fbcdn.net | udp |
| US | 157.240.251.9:443 | static.xx.fbcdn.net | tcp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| US | 1.1.1.1:53 | images-na.ssl-images-amazon.com | udp |
| US | 1.1.1.1:53 | en.m.wikipedia.org | udp |
| US | 1.1.1.1:53 | a.espncdn.com | udp |
| US | 2.18.121.74:443 | images-na.ssl-images-amazon.com | tcp |
| US | 1.1.1.1:53 | s.yimg.com | udp |
| US | 1.1.1.1:53 | ir.ebaystatic.com | udp |
| NL | 87.248.116.12:443 | s.yimg.com | tcp |
| US | 1.1.1.1:53 | www.instagram.com | udp |
| US | 151.101.194.206:443 | ir.ebaystatic.com | tcp |
| NL | 157.240.247.174:443 | www.instagram.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | m.youtube.com | udp |
| DE | 172.217.23.206:443 | m.youtube.com | tcp |
| US | 1.1.1.1:53 | en.m.wikipedia.org | udp |
| US | 1.1.1.1:53 | a.espncdn.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| NL | 142.250.179.205:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | en.m.wikipedia.org | udp |
| US | 1.1.1.1:53 | a.espncdn.com | udp |
| NL | 185.15.59.224:443 | en.m.wikipedia.org | tcp |
| NL | 95.101.78.209:80 | a.espncdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| NL | 142.251.36.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| NL | 142.251.36.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | dbyzjkcvcnduy | udp |
| US | 1.1.1.1:53 | eqphzqshj | udp |
| US | 1.1.1.1:53 | rxoilxepa | udp |
| US | 1.1.1.1:53 | dbyzjkcvcnduy | udp |
| US | 1.1.1.1:53 | eqphzqshj | udp |
Files
N/A