Malware Analysis Report

2025-01-19 08:10

Sample ID 240606-dbxczsfb3z
Target 965efa408f57f5b55b4bf5ff3e68636d.bin
SHA256 c5b3598e5f57502f4d0bce433cec2fe2774cbc807dc7b239e499cb92357383ae
Tags: discovery, impact, persistence
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256: c5b3598e5f57502f4d0bce433cec2fe2774cbc807dc7b239e499cb92357383ae

Threat Level: Shows suspicious behavior

The file 965efa408f57f5b55b4bf5ff3e68636d.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: discovery, impact, persistence

Queries information about running processes on the device

Queries information about active data network

Queries information about the current Wi-Fi connection

Queries the mobile country code (MCC)

Acquires the wake lock

Reads information about phone network operator.

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Uses Crypto APIs (Might try to encrypt user data)

Checks CPU information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-06 02:55

Signatures

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A
Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A
Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A
Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-06 02:50

Reported

2024-06-06 03:00

Platform

android-x86-arm-20240603-en

Max time kernel

179s

Max time network

176s

Command Line

com.efun.smds

Signatures

Queries information about running processes on the device

discovery
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A

Acquires the wake lock

Description | Indicator | Process | Target
Framework service call | android.os.IPowerManager.acquireWakeLock | N/A | N/A

Queries information about active data network

discovery
Description | Indicator | Process | Target
Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A

Queries information about the current Wi-Fi connection

discovery
Description | Indicator | Process | Target
Framework service call | android.net.wifi.IWifiManager.getConnectionInfo | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Reads information about phone network operator.

discovery

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Uses Crypto APIs (Might try to encrypt user data)

impact
Description | Indicator | Process | Target
Framework API call | javax.crypto.Cipher.doFinal | N/A | N/A

Checks CPU information

Description | Indicator | Process | Target
File opened for read | /proc/cpuinfo | N/A | N/A

Processes

com.efun.smds

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | | udp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
US | 1.1.1.1:53 | sdk-download.efun.com | udp
GB | 43.132.64.165:443 | sdk-download.efun.com | tcp
US | 1.1.1.1:53 | graph.facebook.com | udp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
US | 1.1.1.1:53 | game.efun.com | udp
HK | 101.32.16.91:443 | game.efun.com | tcp
HK | 101.32.16.91:443 | game.efun.com | tcp
GB | 172.217.16.238:443 | | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
GB | 163.70.147.22:443 | graph.facebook.com | tcp
US | 1.1.1.1:53 | events.appsflyer.com | udp
GB | 108.156.46.26:443 | events.appsflyer.com | tcp
US | 1.1.1.1:53 | stats.unity3d.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ad.efun.com | udp
HK | 43.154.211.153:443 | ad.efun.com | tcp

Files

/data/data/com.efun.smds/databases/crash_reports-journal

MD5 400d676ce8c55721ef98a6cba6f1afca
SHA1 b9f4acc2bf4bd53ad88fbe8c3256b3181e343255
SHA256 b1254bedd38d2bae005e4e41a4fbd21218dff482c6602c80267254c2d2f96352
SHA512 4f20823b3deae59d035494a3d27dcec587ed76767f97ce28cfaf0d395063902faa8ae84937c7bfc8220f6292450d0c77bd43da36201dca7ffcee04a7a1dc5dce

/data/data/com.efun.smds/databases/crash_reports

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.efun.smds/databases/crash_reports-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.efun.smds/databases/crash_reports-wal

MD5 08db2fa4bda1a4c62cb5e21a07b86c87
SHA1 c47cdb1e68e4234fb5aa0a06068f0d44d90fa860
SHA256 c353b32e79580aa6a22e57b799d3672be860bb7d6b61aca696925875188b7486
SHA512 74feb653ef91163c222fb11048e81fe65691056f3109c9204d46a018f9205daabce795f0339056d941376530590a6037423562c588d03175e173ec1b1327ea23

/storage/emulated/0/Android/data/efun/efundata-uuid.txt

MD5 1861eb0a8bc5209e6f29024ae17692a5
SHA1 9493024227c48fc95e796980e14149f994d51391
SHA256 a8d4b4100263ac9b5fccfe15006d115fcca52e534363db46febdd1c4e4ae98a3
SHA512 c60d37c47c8bafab275f25e4f0f2ceb586ef148e5bc8f5e3f6d60e2edf5f195c7fdfc1cac7613076cf9bfc066f679433c2f85e1f3eaf01dc96d663cfc090ce16

/data/data/com.efun.smds/databases/google_app_measurement_local.db-journal

MD5 75ac1839e5fe57b842d4c0cf4da4c19c
SHA1 cfdca13461c012de398222dc7418e450c742569c
SHA256 50279da75fd9fcf7131fc4673c82ca19bf29c3854114c97b717fbc956c1126c3
SHA512 b65e8683fdc90ba04507554822b9dc93f71955584536728e5eb70a4bfb4afeee551efa51a2b34c51fa2499dad6f71f63c136ab6894705984e1bb6c30f87128e4

/data/data/com.efun.smds/databases/google_app_measurement_local.db

MD5 7f8d0793e107eafbd1cb2cb373cb7385
SHA1 b88876b0899cb55dcb48bc8544d2fff1dc27ac6c
SHA256 fc0e2990f27506a0cf1bf7376a0ae448471f14924415f2a5df02a5c6ca971bfe
SHA512 0d298903206d6746b5f32253eca629d1e41a3a45e10890b61c695b8862bb595124c22b7d7cfbebf4c0a8a1416475f8cd1e468ec50c0599a7cf11aae7e7ef412a

/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal

MD5 4c432a1be1353f5e8f9a74a97c2b1a87
SHA1 08c1fbc53c87ad804e7d7b563081944345b779a2
SHA256 2002b03ee00076c0657da015564220f2a8735d32725abbe175d9621623ad5995
SHA512 b77385343b19fd7fff9348ebf574547209c66438c0a8a7a7e3a2ecf43e88f6843d271720e02f16e4a1a353e3e0631accb042cbe31097444bba46b5f1bf58e3d5

/data/data/com.efun.smds/files/efun/efunDomainInventory.txt

MD5 47833d572abd8b39c9fb22a7098351a6
SHA1 8fe8c9eb48d2a82838ff051a4ea645926ed98c73
SHA256 55167b9eff83062ec27dbe8215ffc9cff39732805c877ee01c562d5a86adee02
SHA512 1b5c0e62173de7b8f0ac6ddd242d8a027fc85c044d4db3e153a57e254d89116fd1b9d445be4c6e79fb763591e7b3a5e8b4c6f02200fb6d29a6daf4149e9b9405

/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal

MD5 4c5c57798f1600d3d81bfb7b97558e70
SHA1 293087aa85d52cdb391c04d0c3586fe89631049a
SHA256 623f017326f4ef7f39ed806f2732482c9abde4678779f5382d6382b9c4eb71a1
SHA512 574a2e909598b7808c0395e86342efaa7841ba0e6012ea04d00964defac9e562bf6df784af899f35eaa1e90aaabeb6c929f7b5bba948765d989a91702c74d27f

/data/data/com.efun.smds/databases/google_app_measurement_local.db

MD5 6b63b92f6d4ec960961ab1deba76d015
SHA1 bf6ffccf76f70b897c1a6cb46d129418190f509d
SHA256 a16377ad9b4b59218937f24a93699b9a7cc2409814ad71504ffb45c59fc699c9
SHA512 43e6e2290c76065c77021b625e5f31d41df9f98b2efec0db7e363c7b34bbbeccff92699465c899a34400ddd1195d67f580e4f0eb92479defdaebe4ea24fd9e21

/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal

MD5 8c93c7ebd28561ebbbf55d2a4bc75bba
SHA1 392561c5510790671f7ce6ff5b1d7f066637f4b0
SHA256 ca6d9b570407fe79c8fde340b35653552c19a45984fdc58734e15f5303dac3f8
SHA512 9b5a990c4395994cc3816c0c08951e16c3cee1e26d95d2e40cb61a6a4f51eb55f41958ba0ed7182af71c140012b7f2c085b34fa54bad41022cef9b154e39df02

/data/data/com.efun.smds/databases/google_app_measurement_local.db

MD5 0b8196081277b054bb75bb94a0141d9a
SHA1 fb3ee63e02b4cb47db7ff6e01a9133d39f372ebb
SHA256 ed5d9f1b129d60c32ade672a8a77acba83d68be4ce3c5ab05072566edf2e12b4
SHA512 319c57c22039cd0fd2dcf3761fae21883fc4606f53817b7cfdc61d2e817c1e90be977f9a3a67163bad6ff10a557721b81e5d4dcfa78ff1821e765f011b2439a7

/data/data/com.efun.smds/databases/google_app_measurement_local.db-wal

MD5 692db734e653b98e0640f840a4db174f
SHA1 2d201abe632cbce87ecae1c9058f20c84f8e47ee
SHA256 143ff7d285292efbefb1657aa7f40dd46381a896bce43d796f3266a172a94211
SHA512 1b5581498e3decadf5412824b3542ec4ef7e0a37976fd676e903ec311415edb0a12007351c9371ca61e262f408c387cf38e3c6a6a111cfb0989058afa672e801

/data/data/com.efun.smds/files/AppEventsLogger.persistedsessioninfo

MD5 9ead88a8309edea46f943d42ca714b29
SHA1 f2e5ac6031192d5fffd9474a1654f24fff19e3fc
SHA256 3a9d8241e90fe42345b3da3f84a38f0902400a7116bd18d235c083ab97f2f6bb
SHA512 b3ff78b67890560b4a7dd9472caf67997bbb355f97bd5746eb92593536b4b76e1e58167c9f7b029b8ff65b77cde87f76efdb37912eff5b19bc3ec12b3170cc4c