Analysis Overview
SHA256
35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7
Threat Level: Likely malicious
The file 35aec6d977e0501d869d3edd30ced22653f2d57488934f5927ac305b72943ad7 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-14 09:52
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:55
Platform
android-x86-arm-20240221-en
Max time kernel
145s
Max time network
137s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
jsn.eyecoloreditor
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 1.1.1.1:53 | a.zeroproofs.com | udp |
| PL | 51.75.61.103:80 | a.zeroproofs.com | tcp |
| GB | 142.250.179.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.180.14:443 | android.apis.google.com | tcp |
Files
/data/data/jsn.eyecoloreditor/files/Config
| MD5 | ec30961949f438ac985f45b9f45682f3 |
| SHA1 | adb4e9084fe2d4e9357ea460cebc7772fada4b81 |
| SHA256 | 4c86f243eb5fc949d0f36846486ac16ffa8323d0d651f3126fdf4a5616f0c07e |
| SHA512 | c9e610d66ae74c90f45a29d9a624911e0634ed7bff87d82814a2b7c7c65d00a0f26cae7ad5f181be9d5141df87532c86272a1c18fd6658637e25bb19e920e478 |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | 25e6224b7c556b0429171172d8c026b5 |
| SHA1 | 28759ea7695d8d426bdff49a4fb4a14b9d4b2b73 |
| SHA256 | e61283e98001014f4ece0e6347bfefb317f52df79b5366d38693461be8b7e773 |
| SHA512 | 5d1b5173205e1c5c921465716df205267b3ad95a3e6d94497de6950d454f4a3a39da42a78ff0efcc4c932cccbe72a29d264d69c39987fd75fe9247a54038433c |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | a9ba177b7d4a483c267326bbe640faa2 |
| SHA1 | 8778c25399c107cb63149863e57defce7e732d9c |
| SHA256 | 9f5a9c42b65344078737464280f8a5cc4c2bc172f43047ede7baf690c79b2e24 |
| SHA512 | 603e4443e0fc0e08db018e90d9ad28fa1fdf97549a22bfc9a591761594d23a4d7339021653036fb734cdca9ec37ce5cf46a4ac13761999aec5e992a77bbc5bbe |
/data/data/jsn.eyecoloreditor/files/Config
| MD5 | 2e4bff7a73177d5386919af34796c420 |
| SHA1 | 68be78ba2285fdd14272c7a493a1bf5556a5173b |
| SHA256 | 59bd0ece4edca3b221e94110fec8aff6bf73ec8cf8554cf2d6ae774ad572fc22 |
| SHA512 | 4c958f482bf2e53909fa5a4086c027f8ae082c4c272cea9a2718d008979c8e883438ee60c3c22682065dc9d29920d4eb9f0510e06e6abf71ce6bfc50a54a1a95 |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | 83f0b02977d758fd76a52811b706481c |
| SHA1 | 5da610ddce933d358191ded2824b089d869df257 |
| SHA256 | baffe77851931423c7dd6fe635e148b9b81edefd6c61d4ff6b6c2f7e41dcbfe1 |
| SHA512 | baef17717425f1e5a1eaddd35fd84084b725545159278ea47cd7f21af788e7c43cd4614dc8f4ca0bfd8ac4c18290a216555fec4a5538f48b55aa52429bce4980 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:55
Platform
android-x64-20240221-en
Max time kernel
154s
Max time network
151s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
jsn.eyecoloreditor
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | a.zeroproofs.com | udp |
| PL | 51.75.61.103:80 | a.zeroproofs.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 216.58.212.228:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 172.217.169.14:443 | | tcp |
Files
/data/data/jsn.eyecoloreditor/files/Config
| MD5 | 44ae818dc22a60c8210a47ce60174545 |
| SHA1 | f959f4f2c95b601ea5b86856e43471afa5d0b136 |
| SHA256 | 45003db1eaa24e98eae5c7b35c748879f8296396dff59d841ab6c2657970d673 |
| SHA512 | 81c396f58d3b176aeb1026c83c1fdcabbb37b5989d78692922d7971376d8a2da6fedbcfbafdf4f58c5f842ede9d61597c312c62ec9309210e910c97edb228064 |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | 3d52bdd5266a77b2b5974bc05bd5694a |
| SHA1 | ce972bcb056a6954e708918707e66128cf232ddd |
| SHA256 | cd406fe5f4d4711d45bad659c457e3898a5d4e0c7ca5d99966b21bf78ef9e1a9 |
| SHA512 | 68a753af99c4c05bea2bacc8a8a1e8f76140f5075367ed5c68cf0f328c3224f4bd8d5415e66f3778d2152d9ee8541e95b5eb3c2b584998b8c296cc8c58354f60 |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | 4530d9dd341f613ed8717df491aacb8f |
| SHA1 | 4535da0d0cd09df53c30ea1d359da960377f9a0b |
| SHA256 | f0f9658e901a75441b4844e5dff74c56adc9647562d34054d803517bae9d7089 |
| SHA512 | c852baf892a503277e8541d15cfef63d0e8f4f9395d4d722649af58cf847e0042284126e15a79911ca899b04b434fc84aa2afe3e37237d0a6b9c7e06ab5addb0 |
/data/data/jsn.eyecoloreditor/files/Config
| MD5 | 8be6e41cde252c720cce047963f3aba0 |
| SHA1 | b3c5e8bf8ddf4cd00cf534c1176dfb83be79e297 |
| SHA256 | 73c319acbb0fd09e1487fc28df2eec895059e5e650b0070bcc570ff9a4718235 |
| SHA512 | e4cf31203508396535a49763ea40d6dce2127464e1052de5ad143434101f618ee3f5c60907dc8a5658477d6f03f3c56dd6ef1c9b63db8da5e5e6c379c52d301f |
/data/data/jsn.eyecoloreditor/files/Timer
| MD5 | 16ac921c6e665811df1126e094957ee4 |
| SHA1 | 59de9947168958386070464a44c1899559390bd9 |
| SHA256 | 493c6c79f614b79b5aec8d4362dcb4fc7958a66a066c83c544cfa188f811a537 |
| SHA512 | 98f21dc344e4031b21bd07641e91898a40b6e36d216a8d3b2c24fa3d5158a94aa0869421aef71c1a7f6cbbe173a67c7b69cfc0cc76c86f054c130463918cb7e6 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-03-14 09:52
Reported
2024-03-14 09:55
Platform
android-x64-arm64-20240221-en
Max time kernel
155s
Max time network
144s
Command Line
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Processes
jsn.eyecoloreditor
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.238:443 | | udp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | a.zeroproofs.com | udp |
| PL | 51.75.61.103:80 | a.zeroproofs.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.169.4:443 | | tcp |
| GB | 172.217.169.4:443 | | tcp |
Files
/data/user/0/jsn.eyecoloreditor/files/Config
| MD5 | 8793dbc5314b3561fc0c5e225452463c |
| SHA1 | 122a8112b2a35a65861090edd117a5cf3a1227c8 |
| SHA256 | 6d3eee085be9be3928eb58b974bf327267d055741b8a67b173c86eb5f97ea1c2 |
| SHA512 | caf8fffe7fbe636f178347a7a9d5a26aed20941b6c46cf0e86846d363f0036713e201bb171a447dc9b944060e7130dde241ccbfd3ca2143042727cc2f18a2f9d |
/data/user/0/jsn.eyecoloreditor/files/Timer
| MD5 | 9a3c0ae6b4fb7ce9fa02be91c4397d2e |
| SHA1 | ebc6b27985f75c0c0dd652895b1ff1a433dabb07 |
| SHA256 | 041bedc9e1da236f2799cd4cd3056d3adc642d6a559e2c038bcc53487e7d5e0e |
| SHA512 | 7765185fa27e165eb94c24eaec87dd8e068f4173d8c84b2bf1e80ea24e1ddcc0574a4175c946c06fe778cfcb79e82297bcd9c0e549adb96eeb90b25027bf964f |
/data/user/0/jsn.eyecoloreditor/files/Timer
| MD5 | af06bce46e8f9095e620caa988d2ee11 |
| SHA1 | d0f8989ac4cd65b0da1e69ae326a381ea7286e2b |
| SHA256 | 3ece506cce4f837d6ad362ecd7846b0986a8e1948924fa18fde15eab6e647705 |
| SHA512 | 941858a0d74973366bf5a38b2daac3b86961e88b3bd6164d1db59ccc068f827b861fbb3cb9a65e8d0d673df94f63b9ac1a3caa87e59454bd1253c2ca7ae0e4bd |
/data/user/0/jsn.eyecoloreditor/files/Config
| MD5 | dd374084f4ceb9540216aeef9b3fe280 |
| SHA1 | 1272f8077ae84076527562143bdd09685a294ef8 |
| SHA256 | 363c13af4f50310ce0852759ee0874b1f077d46026907a396c2870f3fc1e8f52 |
| SHA512 | f4e5e5bbd504fc608c109336bb9ee08712b550757f36055cd68821699eeff9d71e90cb86cd96dd97f4e429932c112fff69028ceb4e1a368b77ef3887e71f0c7f |
/data/user/0/jsn.eyecoloreditor/files/Timer
| MD5 | 41e599f97cd15145d5df6ae3c3c15fc8 |
| SHA1 | 35110358a4d9a8988b70d867156596aa86307da5 |
| SHA256 | 88cae02e9d2efcb36ccecc7e326f6e65d30a87af743470d9356ce90b39e43274 |
| SHA512 | 7a56e474d8dfdeaedbab84353e8ed2cb5e4ec66bfbd2b4988d9bd4582a372c2b22661cce18acf28c754ebce0307d856dd39ae69ba8d2c137a32d0046901bf72d |