Malware Analysis Report

2024-10-19 12:07

Sample ID 240519-1y7tkacc56
Target 2392ddbfae7dc0fcf9280d3248244e4067ff6147bbd7e37ce964e2bf6204c468.bin
SHA256 2392ddbfae7dc0fcf9280d3248244e4067ff6147bbd7e37ce964e2bf6204c468
Tags
evasion stealth trojan
Score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
8/10

SHA256

2392ddbfae7dc0fcf9280d3248244e4067ff6147bbd7e37ce964e2bf6204c468

Threat Level: Likely malicious

The file 2392ddbfae7dc0fcf9280d3248244e4067ff6147bbd7e37ce964e2bf6204c468.bin was found to be: Likely malicious.

Malicious Activity Summary

evasion stealth trojan

Removes its main activity from the application launcher

Checks whether the application is allowed to request package installs through the package installer

Requests permission to install additional applications from unknown sources.

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-19 22:04

Signatures

Requests dangerous framework permissions

Description                                             Indicator                                     Process  Target
Allows an application to request installing packages.  android.permission.REQUEST_INSTALL_PACKAGES   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-19 22:04

Reported

2024-05-19 22:29

Platform

android-x86-arm-20240514-en

Max time kernel

179s

Max time network

131s

Command Line

com.spacex.runner

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Requests permission to install additional applications from unknown sources.

evasion

Description    Indicator                                     Process  Target
Intent action  android.settings.MANAGE_UNKNOWN_APP_SOURCES   N/A      N/A

Processes

com.spacex.runner

Network

Country  Destination           Domain                    Proto
N/A      224.0.0.251:5353                                udp
GB       216.58.212.227:443                              tcp
GB       142.250.180.14:443                              tcp
US       1.1.1.1:53            android.apis.google.com   udp
GB       142.250.187.206:443   android.apis.google.com   tcp

Files

/data/misc/profiles/cur/0/com.spacex.runner/primary.prof

MD5 e4c5fd3a07e0ca372943054b1ee0a0d3
SHA1 2429c4ce069a75a3b847cc228d104ce2d89df9ea
SHA256 6009ace2d2b6ce50302b522c523702936e07f6f3fa712936cf17f704f5ecfaf6
SHA512 67f1b1ef5dc3a90454733a14a5122ca9dff2777d4aa4e9592d296ac419314eaf5eb3f7ed06e1284e50ebdbdf9c6e582cbec9765dbe291e91f7467951b9a645b1

/data/data/com.spacex.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 b5ef43af41fee15e27ece398ff71f7b1
SHA1 ddc53a19b68ca0f05d64a0d4ab611faddbc88328
SHA256 7a5d3d6a29001297663023f49c2e7d1be2c935c1729886e30410f64c75162e43
SHA512 67c8290280f711e982223f27b66e9f43a2648e0477f0e887e07352f2bd2f5900a0997d2d62f3a5e5f438d921b2d8e9db389dd16d50bff82124853b5c1e2048aa

/data/data/com.spacex.runner/files/profileInstalled

MD5 67b8c5bd153e254ae7ab68b0f9575f91
SHA1 7e235a665e0a8e806e2c8ed781baa560425165cf
SHA256 915f7011e592f024ee5c1c747b6a3e813e20ea6dd6153591b3d1aa29c45a920e
SHA512 9888c91580468288c065040d79759b049aac50ea828d954dff72d7cd8c9938428a4cff7bccf7ec3fa6d2ef69a1ea6a03e283d47943440be615be1bea7a7d8f53

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-19 22:04

Reported

2024-05-19 22:29

Platform

android-x64-20240514-en

Max time kernel

179s

Max time network

137s

Command Line

com.spacex.runner

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Checks whether the application is allowed to request package installs through the package installer

evasion

Description             Indicator                                                          Process  Target
Framework service call  android.content.pm.IPackageManager.canRequestPackageInstalls       N/A      N/A

Processes

com.spacex.runner

Network

Country  Destination           Domain                      Proto
N/A      224.0.0.251:5353                                  udp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       142.250.187.232:443   ssl.google-analytics.com    tcp
US       1.1.1.1:53            android.apis.google.com     udp
GB       142.250.187.206:443   android.apis.google.com     tcp
GB       142.250.187.206:443   android.apis.google.com     tcp
GB       142.250.178.4:443                                 tcp
US       1.1.1.1:53            www.google.com              udp
GB       142.250.200.4:443     www.google.com              tcp
GB       172.217.16.238:443                                tcp
GB       142.250.179.226:443                               tcp

Files

/data/misc/profiles/cur/0/com.spacex.runner/primary.prof

MD5 e4c5fd3a07e0ca372943054b1ee0a0d3
SHA1 2429c4ce069a75a3b847cc228d104ce2d89df9ea
SHA256 6009ace2d2b6ce50302b522c523702936e07f6f3fa712936cf17f704f5ecfaf6
SHA512 67f1b1ef5dc3a90454733a14a5122ca9dff2777d4aa4e9592d296ac419314eaf5eb3f7ed06e1284e50ebdbdf9c6e582cbec9765dbe291e91f7467951b9a645b1

/data/data/com.spacex.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 f064e6f0cf3a2f682a80a95d05dbdf9f
SHA1 6513cc7601fa85fd0d983238f701b9acee8e20ae
SHA256 9833541d55f9f5f66361b2358bcc08dc7926a4c730102a72e1617561455e5a0f
SHA512 40a33f5ff965a63f038fe416f61ef4b82d1f612f02dd5121e7b31ebb9769df22f4141f7635dcaec871e2b5ecbdd8804dd2b1fd6fbcbc9e1ea8b2e5f9b9933d47

/data/data/com.spacex.runner/files/profileInstalled

MD5 ae467a0806be5c000d6e51cffac475b9
SHA1 1b4c3b6bf5fa8b4758674c623d55a6d822dc0810
SHA256 bd0e8a8d26f5405ce87f9a71108ff5dca3d4b491d07fa51f8f22ba6dff3b49fb
SHA512 7cb83c226152d5a1d5ca2b649645f20ea9c9cba3ad4c16004a78d4e6e8fac44e3d2af3be01ea5ae50819d18e1dc02ed4d2f89367536e53f788dcc291a9f5c802

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-19 22:04

Reported

2024-05-19 22:29

Platform

android-x64-arm64-20240514-en

Max time kernel

179s

Max time network

132s

Command Line

com.spacex.runner

Signatures

Removes its main activity from the application launcher

stealth trojan evasion

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Checks whether the application is allowed to request package installs through the package installer

evasion

Description             Indicator                                                          Process  Target
Framework service call  android.content.pm.IPackageManager.canRequestPackageInstalls       N/A      N/A

Requests permission to install additional applications from unknown sources.

evasion

Description    Indicator                                     Process  Target
Intent action  android.settings.MANAGE_UNKNOWN_APP_SOURCES   N/A      N/A

Processes

com.spacex.runner

Network

Country  Destination           Domain                      Proto
GB       142.250.180.14:443                                tcp
GB       142.250.180.14:443                                tcp
N/A      224.0.0.251:5353                                  udp
GB       142.250.179.234:443                               tcp
GB       142.250.179.234:443                               tcp
US       1.1.1.1:53            ssl.google-analytics.com    udp
GB       216.58.212.232:443    ssl.google-analytics.com    tcp
GB       216.58.201.100:443                                tcp
GB       216.58.201.100:443                                tcp

Files

/data/misc/profiles/cur/0/com.spacex.runner/primary.prof

MD5 e4c5fd3a07e0ca372943054b1ee0a0d3
SHA1 2429c4ce069a75a3b847cc228d104ce2d89df9ea
SHA256 6009ace2d2b6ce50302b522c523702936e07f6f3fa712936cf17f704f5ecfaf6
SHA512 67f1b1ef5dc3a90454733a14a5122ca9dff2777d4aa4e9592d296ac419314eaf5eb3f7ed06e1284e50ebdbdf9c6e582cbec9765dbe291e91f7467951b9a645b1

/data/data/com.spacex.runner/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 0f76bd44528d78b188e7cfa0230de867
SHA1 0e7204d5e1ba7c2eb030199c52320e68f6c90a37
SHA256 e7effb3a3fcb2cc3a0d1021967b35c326425517a0f3387dfed64a92e325a6e53
SHA512 9ab4ac2e5db4ed2a908d0f8f98fb0a4aadf91467f190aace9367c1da575e7053670e7d3e735dbc2d4e2d4100e384fbe2d311ff7158757da4e4438ca8a1b7ecd1