Analysis Overview
SHA256
e24ad9004cb46df8047944c468c8e67581e88e35bd3ec7f9e9748543f3cb8d29
Threat Level: Likely malicious
The file VirusShare_e09e167e47a753b7eb20583ac507b231 was found to be: Likely malicious.
Malicious Activity Summary
Removes its main activity from the application launcher
Queries the phone number (MSISDN for GSM devices)
Queries information about active data network
Tries to add a device administrator.
Declares broadcast receivers with permission to handle system events
Requests dangerous framework permissions
Analysis: static1
Detonation Overview
Reported
2024-06-08 18:20
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-08 18:20
Reported
2024-06-08 18:30
Platform
android-x64-arm64-20240603-en
Max time network
159s
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.234:443 | | tcp |
| GB | 142.250.179.238:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| GB | 142.250.200.42:443 | | tcp |
| GB | 172.217.169.78:443 | | tcp |
| GB | 142.250.178.2:443 | | tcp |
| GB | 142.250.187.234:443 | | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 142.250.179.228:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | growth-pa.googleapis.com | udp |
| US | 1.1.1.1:53 | lh3-dz.googleusercontent.com | udp |
| GB | 142.250.180.1:443 | lh3-dz.googleusercontent.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | lh3.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | lh3.googleusercontent.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| US | 1.1.1.1:53 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | udp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| GB | 216.58.201.100:443 | www.google.com | tcp |
| US | 1.1.1.1:53 | mdh-pa.googleapis.com | udp |
| GB | 142.250.178.10:443 | mdh-pa.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| BE | 74.125.133.84:443 | accounts.google.com | tcp |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-08 18:20
Reported
2024-06-08 18:30
Platform
android-x86-arm-20240603-en
Max time kernel
135s
Max time network
176s
Signatures
Removes its main activity from the application launcher
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Queries the phone number (MSISDN for GSM devices)
Queries information about active data network
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.net.IConnectivityManager.getActiveNetworkInfo | N/A | N/A |
Tries to add a device administrator.
| Description | Indicator | Process | Target |
|---|---|---|---|
| Intent action | android.app.action.ADD_DEVICE_ADMIN | N/A | N/A |
Processes
com.install.l
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| PL | 212.59.240.32:7 | | tcp |
| PL | 212.59.240.32:80 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.213.2:443 | | tcp |
| PL | 212.59.240.32:7 | | tcp |
| PL | 212.59.240.32:80 | | tcp |
Files
/storage/emulated/0/lbt.txt
| MD5 | ee0ffd895c1548e86496b3cae58cad4b |
| SHA1 | 37a6f873bcfc84c809f135046d938b85024ec6d1 |
| SHA256 | 717f3d8f542ffb7f934c88ae0cff8d12313ff897f046db1e929da4167066e547 |
| SHA512 | 7a13ca720a3b0c4f581297c3f499bab61fe8f50d6c576a559bd53dd6c31a8f2175d42ec2618e7d3111b603d3c8c3d63d12942fd37a8ad8f05fa8cfd2e492a8a7 |
/storage/emulated/0/lbt.txt
| MD5 | 8dfaef3613a77df28af20272f2d8d818 |
| SHA1 | 653ec8d16e5682f5a7b0783c51396e40ae6d1fe0 |
| SHA256 | 3fd56a260368dbaabb3e962bf310c6831ab04ba25f00a06f5cec4fcffc7dab20 |
| SHA512 | e4efe1ba43177262438c284a21e0d5aae8e0afd1a2fe1b0ffd0231475304d55742cf83ff2fa97403fb28bc5ff45298cd895918303ab39523790abb8c25f6fa78 |
/storage/emulated/0/lbt.txt
| MD5 | b7d6cc7d553d993210fb904b3d6d96e2 |
| SHA1 | 8fd00d1e1094e0c207a713eb86fe058622aaf761 |
| SHA256 | bbb30b23f549b5877c1c90407deb899a94725bb1056ddc926f386a3d01169045 |
| SHA512 | 2d490028ab29fb3e5c1946a75a8b5f568b08309878cb5546563b7a09ac1d7092c82e752aaee33860f1312ea7d9d3f6ca04921e37abf31dd5c63201dc93d1305b |
/storage/emulated/0/lbt.txt
| MD5 | 0b96752e0df73f989091785836fbfae9 |
| SHA1 | b367c209919892c860281a2cc87d99397fbd48c8 |
| SHA256 | 022c95d2cdfb02a48c4a330b3abe40ed15b066eaf77a50cf5d103eab0f821283 |
| SHA512 | be5af4b189a680f82e48e27591b618a0b953962cc7b0a6c69283ac059b1789dd769aefc74c648425beca66ad476acced8e47a7abf27d5929930a96367328fed5 |
/storage/emulated/0/lbt.txt
| MD5 | ec9f32ef2f69e023ef970eb91fd845e3 |
| SHA1 | 99e3818ea725c3cae124ea29fadf1cdb0e992758 |
| SHA256 | a64227e1dd98131240c984b1ad64f155ded02236615922c21b3f35d5c32a730d |
| SHA512 | fd432ac2e55583ef44a546eadb724839efc0f6b4b7363de835236d6e34ec7d5f52c9b9b2492f49b51e2b4485d018524866d339c4866bfa3b18cbdab44644bb9a |
/storage/emulated/0/lbt.txt
| MD5 | f8dbdbd51fe6bfc6d0096919f50b1124 |
| SHA1 | 733a7be0b12ed0b96c6bed3b2f52d8e6b9d10b16 |
| SHA256 | bd38466fa153117126d54f8f1cb028bfa35d00c5d2da3e50547eb23e7e843dac |
| SHA512 | beca867e606450f2c25e3a0863f3373d17cc07db19cfa26b001096060078ff1562d87b676f12e7592c0814d7488632e9237f9e6317e1faa26e26341f4f4d0b03 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-08 18:20
Reported
2024-06-08 18:30
Platform
android-x64-20240603-en
Max time kernel
2s
Max time network
188s
Processes
com.install.l
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| BE | 142.251.168.188:5228 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.204.74:443 | | tcp |
| GB | 142.250.200.10:443 | | tcp |
| GB | 172.217.16.227:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 142.250.187.228:443 | | tcp |