Analysis Overview
SHA256
65c8fc97a2855d1c7484cf2ca29352d7347ef92cfd1bdf7a3d6279a12752b4ca
Threat Level: Likely malicious
The file c75185f9bb13f7e05ea5d1f93522dde2 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Loads dropped Dex/Jar
Requests dangerous framework permissions
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-14 01:18
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 01:18
Reported
2024-03-14 01:21
Platform
android-x86-arm-20240221-en
Max time kernel
7s
Max time network
135s
Command Line
Signatures
Processes
com.browsers.version
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.74:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.179.227:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | fcksujdrp | udp |
| US | 1.1.1.1:53 | ejsnaesbnwlzqu | udp |
| US | 1.1.1.1:53 | fcrzbfiq | udp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
Files
/data/data/com.browsers.version/app_tfile/fields.jar
| MD5 | a73395915062ab8bf0c8d9482fb546b2 |
| SHA1 | 48ec3c39f5aff863f09e53bd0dafba414c5bd8b9 |
| SHA256 | e372d30419c46ab8a4eed0602c7cf289cba4922847d12c04627320096e79a2f5 |
| SHA512 | 1a3feac83f916d5577ebccdddcc43c069b38bfdc364aeddcef4969cf2a187030cce75261eb129fc1dcef75b2b41baeada12838fc96fee164cfc02aa9d043dafd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-14 01:18
Reported
2024-03-14 01:21
Platform
android-x64-20240221-en
Max time kernel
154s
Max time network
152s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.browsers.version/app_tfile/fields.jar | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.browsers.version
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.42:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.187.238:443 | clients1.google.com | tcp |
| GB | 172.217.169.74:443 | | tcp |
| GB | 172.217.169.74:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | iqbrgdzyz | udp |
| US | 1.1.1.1:53 | teabhsoz | udp |
| US | 1.1.1.1:53 | ylqgqiedbfjlcif | udp |
| US | 1.1.1.1:53 | api.adsnative123.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.204.66:443 | | tcp |
| GB | 142.250.180.14:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
| GB | 142.250.187.196:443 | | tcp |
Files
/data/data/com.browsers.version/app_tfile/fields.jar
| MD5 | f9dcd2055286977fdcc69c5a553e1e07 |
| SHA1 | c63060bfb53e300e18d144d662404079192320b1 |
| SHA256 | 7129e1c337c57a3f14bb8ac1508d1bafdbcf7d3b58258ff9d897ba731a9b9a84 |
| SHA512 | a635a7221dc43abea9663fb0982c44b6aba20f93c31e75fc9acb94ac2216e194aed13f0024354f6b5984ca5df220e4cd6e3f0ad2cda3ea5145a2b1e09f3e7dda |
/data/user/0/com.browsers.version/app_tfile/fields.jar
| MD5 | a5c2edba25a231329548b4cc5aaf421a |
| SHA1 | 5e2b4210c0c0d927b850ad3a71dae1127cdb6ec4 |
| SHA256 | 8ce0c19fdecbfd0a2cd64655b2ad2c864b5f15c6d0aedf3f8c4d8c55608778b5 |
| SHA512 | 23ed76637486d7211a8ccbcf771c7b200f497b497538211b9507c4b24d93c595fc53ac9d289e052792710c7bbc842646283560e62db631bec580d1d218a68a2b |
/data/data/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | 7cd1b2bc162f53f95218c650df2bdffc |
| SHA1 | 9466ecb822bce7e1723ba1d7fca63e31fdcc6399 |
| SHA256 | 96d696dc9ae37623cce6d92ff751a75a5a83e2907cb70f9284a5a776ec570f35 |
| SHA512 | 551ca7eb3ee6d479d8cbb33773642560ed9dd2d5f1e9f5ff2ec243cdb3480ea14de189a6eedf49c8ee9388679a20334f3606f3938446d8a9e351281f6f5ab8cb |
/data/data/com.browsers.version/databases/tbcom.browsers.version
| MD5 | 163b0e3f017becbc89b9d7f330b78f09 |
| SHA1 | 1ef9cd8ac8655190468d0ccece0a4738634ab0f9 |
| SHA256 | cf01452c3b494692386f6c5faac340eb3eb894bd416391002d56645aa8a9ea36 |
| SHA512 | 6a85a30d16fa58a4fbbb05d469778ee69ca79deaa74316ccb5be3ee07fdf78dde22e95db3edb1b88b18478e8747047445f85baaf9556b9a1e55d9a02a80baffd |
/data/data/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | 2e56f29c75773208315da565f20c6935 |
| SHA1 | cc9e73dc8044c247df11734585f9b9c75d70a9ad |
| SHA256 | 0a2152aa0b0bac3f2ef0e8ca1e5e1755f57161e8b94c08513adeee08cdc730bc |
| SHA512 | e0c5d7f9d6bd2e76afab363110acd0163f2e3e1a53c3bcbe852755b96f5927970d1a942f6d2ad69ae3de7108c14c9d936ecc123dcef7fd91466dddaf91955efe |
/data/data/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | 81db056d7515dfa2dd5d6cef5852c04b |
| SHA1 | 80abd258864ca58300b57df06982311d8a8207b3 |
| SHA256 | 3ee8d2ef652839a182bf0e45389de8e61dd9cc11684d8af2a65f072b9a8bfbc7 |
| SHA512 | 6b27412f70620ae14e5b0c6379ff804d494ddc248dbd1cd93d4584ee93d5d2e8b8ece5a32eacfb6070283dde6d194678a67b9905c44a9b25456657314726f58f |
/storage/emulated/0/Download/sdsid
| MD5 | b8c37e33defde51cf91e1e03e51657da |
| SHA1 | dd01903921ea24941c26a48f2cec24e0bb0e8cc7 |
| SHA256 | fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71 |
| SHA512 | e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-14 01:18
Reported
2024-03-14 01:21
Platform
android-x64-arm64-20240221-en
Max time kernel
154s
Max time network
132s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| N/A | /data/user/0/com.browsers.version/app_tfile/fields.jar | N/A | N/A |
Reads information about phone network operator.
Uses Crypto APIs (Might try to encrypt user data)
| Description | Indicator | Process | Target |
| Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A |
Processes
com.browsers.version
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.178.14:443 | | udp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.212.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 172.217.169.74:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | www.google.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| GB | 216.58.204.68:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| GB | 142.250.180.14:443 | clients1.google.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.200.35:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | kyjtkjalephuzq | udp |
| US | 1.1.1.1:53 | quuvgsuqtbbs | udp |
| US | 1.1.1.1:53 | ulgxyoku | udp |
| US | 1.1.1.1:53 | api.adsnative123.com | udp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.200.36:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
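The three Network tables above (behavioral1, behavioral2, behavioral3) mix traffic the Android image generates on its own (Play services, WebView, Safe Browsing) with lookups that are specific to the sample: nine single-label names such as fcksujdrp and ylqgqiedbfjlcif, which cannot be public hostnames, and one dotted name outside the Google baseline, api.adsnative123.com. The script below is an added example, not part of the sandbox report; it parses rows in the report's pipe-table format (including the exported rows that lost their Domain cell and shifted Proto left), subtracts an analyst-maintained baseline of Google suffixes (an assumption, not something the report states) and returns the names that need a second look. The embedded table is a constructed subset of the rows on this page.

```python
import re

# Rows copied from the Network tables of behavioral1-3 above (constructed subset,
# one line per distinct lookup). Two rows are kept in the report's broken form,
# where the Domain cell is missing and Proto is shifted left, to exercise the parser.
NETWORK_TABLE = """
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.200.4:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | fcksujdrp | udp |
| US | 1.1.1.1:53 | ejsnaesbnwlzqu | udp |
| US | 1.1.1.1:53 | fcrzbfiq | udp |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | clients1.google.com | udp |
| US | 1.1.1.1:53 | iqbrgdzyz | udp |
| US | 1.1.1.1:53 | teabhsoz | udp |
| US | 1.1.1.1:53 | ylqgqiedbfjlcif | udp |
| US | 1.1.1.1:53 | api.adsnative123.com | udp |
| US | 1.1.1.1:53 | kyjtkjalephuzq | udp |
| US | 1.1.1.1:53 | quuvgsuqtbbs | udp |
| US | 1.1.1.1:53 | ulgxyoku | udp |
"""

# Suffixes the Android image itself resolves on every detonation (Play services,
# WebView, Safe Browsing). Analyst-maintained assumption, not stated by the report.
SANDBOX_BASELINE = (".google.com", ".googleapis.com", ".google-analytics.com")


def parse_rows(table):
    """Parse the report's pipe table into (country, destination, domain, proto) tuples."""
    rows = []
    for line in table.strip().splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if cells[0] == "Country":
            continue  # header row
        # Exported rows sometimes drop the Domain cell, leaving Proto in position 3.
        if len(cells) >= 3 and cells[2] in ("tcp", "udp"):
            cells = cells[:2] + ["", cells[2]]
        country, dst, domain, proto = (cells + [""] * 4)[:4]
        rows.append((country, dst, domain, proto))
    return rows


def classify(domain):
    if not domain:
        return "no-domain"      # direct-to-IP or multicast traffic; correlate by IP instead
    if "." not in domain:
        return "single-label"   # not a public FQDN; cannot be an ordinary web host
    if domain.endswith(SANDBOX_BASELINE):
        return "baseline"
    return "review"


def dns_triage(table):
    """Group distinct DNS names by class; 'single-label' and 'review' need an analyst."""
    groups = {"single-label": [], "review": [], "baseline": [], "no-domain": 0}
    seen = set()
    for _country, _dst, domain, _proto in parse_rows(table):
        if domain == "":
            groups["no-domain"] += 1
            continue
        if domain in seen:
            continue
        seen.add(domain)
        groups[classify(domain)].append(domain)
    return groups


if __name__ == "__main__":
    for name, members in dns_triage(NETWORK_TABLE).items():
        print(f"{name:13} {members}")
```

Run against the full tables from all three detonations, the "review" bucket holds a single entry (api.adsnative123.com) and the "single-label" bucket holds nine names that differ between runs; those two buckets, not the Google traffic, are the network indicators worth carrying forward from this report.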
Files
/data/user/0/com.browsers.version/app_tfile/fields.jar
| MD5 | f9dcd2055286977fdcc69c5a553e1e07 |
| SHA1 | c63060bfb53e300e18d144d662404079192320b1 |
| SHA256 | 7129e1c337c57a3f14bb8ac1508d1bafdbcf7d3b58258ff9d897ba731a9b9a84 |
| SHA512 | a635a7221dc43abea9663fb0982c44b6aba20f93c31e75fc9acb94ac2216e194aed13f0024354f6b5984ca5df220e4cd6e3f0ad2cda3ea5145a2b1e09f3e7dda |
/data/user/0/com.browsers.version/app_tfile/fields.jar
| MD5 | a5c2edba25a231329548b4cc5aaf421a |
| SHA1 | 5e2b4210c0c0d927b850ad3a71dae1127cdb6ec4 |
| SHA256 | 8ce0c19fdecbfd0a2cd64655b2ad2c864b5f15c6d0aedf3f8c4d8c55608778b5 |
| SHA512 | 23ed76637486d7211a8ccbcf771c7b200f497b497538211b9507c4b24d93c595fc53ac9d289e052792710c7bbc842646283560e62db631bec580d1d218a68a2b |
/data/user/0/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | b764bd77104d9c05170af0ddd2d9ccc0 |
| SHA1 | 7d6328d2a019a5b38a19c8aa66626f994b093557 |
| SHA256 | 14e4cdbaf83681c2d1c92b8d721007157ba3b9574307caf91d6cbe77d55a4d28 |
| SHA512 | a0106947c370903cf82e79c53f5a1f2936f7f985cdee8a80d96a7c14b8425195f1311ee15668c8ab9e3aabe20999565c2e27f6ced89c82d16e938bc9e126397e |
/data/user/0/com.browsers.version/databases/tbcom.browsers.version
| MD5 | f41f531c07d4141546a531ff9caffdcd |
| SHA1 | 9dcac5aed06972d0ff6bd4cc1f1cdff85b36d3f5 |
| SHA256 | bb8dee5b5c3779f175abbd142722eb0022b98d374783aa80145b34614a4de646 |
| SHA512 | e0c8d1a820cb4c098e45776e8b50ea8c83944ef2e3f005cb0acbfc07688974d370f78100ae022f62564fc4c12acfdc43b710c18ca1c30f4f575bc08b9b12d2d4 |
/data/user/0/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | 0ee1335bdcc1da0345b86b06753b2348 |
| SHA1 | 4baa2dcb7944b483df503b739b167f9e9c1f58e8 |
| SHA256 | f34e39dc673c078458dcf287aaeb61e43827bf62978cc981051f229122cbecad |
| SHA512 | d32e480b2c5ec64c704828c7f3ff3caeeb20f784a1df358d728850e8f9f0f844936d8f19c1e32a43ea53954102a92e1e54c13eb0753be14bf4718af0ef9a2fdb |
/data/user/0/com.browsers.version/databases/tbcom.browsers.version-journal
| MD5 | 277084dca3aff1273cd495cb2cc7f825 |
| SHA1 | ce8b9a513e1557ba6eb280c64daf6330d68e7627 |
| SHA256 | cb9fddacb85bf6b631f62bd21a73b8bf225a9c5aedfc62dad777cf51c6d11c53 |
| SHA512 | 6d738415e12290432abec4b08d3fc4b22c0a2b5b9caa939affcfcf849be0f7834f4bd53fc9d80bd3aa657af6d1f88358f2f6709c7e8733a0df8589be915717ef |
/storage/emulated/0/Download/sdsid
| MD5 | b8c37e33defde51cf91e1e03e51657da |
| SHA1 | dd01903921ea24941c26a48f2cec24e0bb0e8cc7 |
| SHA256 | fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71 |
| SHA512 | e3d0e2ef3cab0dab2c12f297e3bc618f6b976aced29b3a301828c6f9f1e1aabbe6dab06e1f899c9c2ae2ca86caa330115218817f4ce36d333733cb2b4c7afde7 |
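The Files sections of the three detonations show why the dropped jar is a poor hash-based indicator: fields.jar is listed with SHA256 e372d304... in behavioral1, and with two different hashes (7129e1c3... and 8ce0c19f...) within both behavioral2 and behavioral3, once under /data/data/com.browsers.version and once under /data/user/0/com.browsers.version (on Android these are the same directory, so the report is recording the same file rewritten with different content). By contrast, /storage/emulated/0/Download/sdsid has the identical hash (fe675fe7...) in every run that produced it. The script below is an added example, not part of the sandbox report; it folds the two path spellings together and separates hashes that held across runs from those that did not, so that the "Loads dropped Dex/Jar" behaviour and the app_tfile/fields.jar path, rather than a jar hash, become the detection pivot. The SHA256 values are taken from the tables above; the SQLite database and journal files are omitted as app state rather than payload.

```python
import re
from collections import defaultdict

# Dropped-file SHA256 values copied from the Files tables of the three
# behavioral detonations above (app state such as the databases/ files omitted).
DROPPED_FILES = {
    "behavioral1": [
        ("/data/data/com.browsers.version/app_tfile/fields.jar",
         "e372d30419c46ab8a4eed0602c7cf289cba4922847d12c04627320096e79a2f5"),
    ],
    "behavioral2": [
        ("/data/data/com.browsers.version/app_tfile/fields.jar",
         "7129e1c337c57a3f14bb8ac1508d1bafdbcf7d3b58258ff9d897ba731a9b9a84"),
        ("/data/user/0/com.browsers.version/app_tfile/fields.jar",
         "8ce0c19fdecbfd0a2cd64655b2ad2c864b5f15c6d0aedf3f8c4d8c55608778b5"),
        ("/storage/emulated/0/Download/sdsid",
         "fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71"),
    ],
    "behavioral3": [
        ("/data/user/0/com.browsers.version/app_tfile/fields.jar",
         "7129e1c337c57a3f14bb8ac1508d1bafdbcf7d3b58258ff9d897ba731a9b9a84"),
        ("/data/user/0/com.browsers.version/app_tfile/fields.jar",
         "8ce0c19fdecbfd0a2cd64655b2ad2c864b5f15c6d0aedf3f8c4d8c55608778b5"),
        ("/storage/emulated/0/Download/sdsid",
         "fe675fe7aaee830b6fed09b64e034f84dcbdaeb429d9cccd4ebb90e15af8dd71"),
    ],
}


def canonical_path(path):
    """Fold /data/user/0/<pkg>/... onto /data/data/<pkg>/...; both name the same directory."""
    return re.sub(r"^/data/user/0/", "/data/data/", path)


def hashes_by_path(dropped):
    """Map each canonical path to the set of SHA256 values seen for it across all runs."""
    by_path = defaultdict(set)
    for _run, entries in dropped.items():
        for path, sha256 in entries:
            by_path[canonical_path(path)].add(sha256)
    return dict(by_path)


def split_iocs(dropped):
    """Return (stable, volatile): stable maps path -> the one hash that held in every run;
    volatile maps path -> sorted list of the differing hashes, i.e. pivot to path/behaviour."""
    stable, volatile = {}, {}
    for path, hashes in hashes_by_path(dropped).items():
        if len(hashes) == 1:
            stable[path] = next(iter(hashes))
        else:
            volatile[path] = sorted(hashes)
    return stable, volatile


if __name__ == "__main__":
    stable, volatile = split_iocs(DROPPED_FILES)
    for path, sha in stable.items():
        print(f"stable   {path}  {sha}")
    for path, shas in volatile.items():
        print(f"volatile {path}  {len(shas)} distinct hashes; match on path + DexClassLoader use")
```

The output places sdsid in the stable set and fields.jar in the volatile set with three distinct hashes, which is the practical reading of these Files tables: block or hunt on the app_tfile/fields.jar path and the dynamic code loading, and treat any single fields.jar hash as evidence from one run only.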