Malware Analysis Report

2025-01-19 05:51

Sample ID 231201-vkg34adg92
Target scott_pilgrim_netflix_anime_1462046204.apk
SHA256 32a04358c20a4e96e94ffae303527455fbbd8aa40f179b2fdcf3cbdd63ad4747
Tags
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

32a04358c20a4e96e94ffae303527455fbbd8aa40f179b2fdcf3cbdd63ad4747

Threat Level: Shows suspicious behavior

The file scott_pilgrim_netflix_anime_1462046204.apk was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-12-01 17:02

Signatures

Requests dangerous framework permissions

Description                                     Indicator                       Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS  N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-01 17:02

Reported

2023-12-01 17:07

Platform

android-x86-arm-20231023-en

Max time kernel

643256s

Max time network

131s

Command Line

com.example.myapplication

Signatures

Legitimate hosting services abused for malware hosting/C2

Reads information about phone network operator.

Processes

com.example.myapplication

Network

Country  Destination         Domain                              Proto
N/A      224.0.0.251:5353                                        udp
US       1.1.1.1:53          infinitedata-pa.googleapis.com      udp
NL       142.251.39.106:443  infinitedata-pa.googleapis.com      tcp
US       1.1.1.1:53          semanticlocation-pa.googleapis.com  udp
NL       142.251.36.10:443   semanticlocation-pa.googleapis.com  tcp
US       1.1.1.1:53          raw.githubusercontent.com           udp
US       185.199.111.133:443 raw.githubusercontent.com           tcp
US       1.1.1.1:53          s.grobrothers.org                   udp
US       188.114.97.0:443    s.grobrothers.org                   tcp
NL       142.251.36.14:443                                       tcp
NL       142.251.36.14:443                                       tcp
US       1.1.1.1:53          android.apis.google.com             udp
DE       172.217.23.206:443  android.apis.google.com             tcp

Files

N/A