Analysis Overview
SHA256
54583791e1d906c2f77b10feec1d842ddb8afebc14f4ceec0483e89fccd194e9
Threat Level: Shows suspicious behavior
The file 54583791e1d906c2f77b10feec1d842ddb8afebc14f4ceec0483e89fccd194e9 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped Dex/Jar
Declares broadcast receivers with permission to handle system events
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 02:12
Signatures
Declares broadcast receivers with permission to handle system events
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by device admin receivers to bind with the system. Allows apps to manage device administration features. | android.permission.BIND_DEVICE_ADMIN | N/A | N/A |
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
| Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows the app to answer an incoming phone call. | android.permission.ANSWER_PHONE_CALLS | N/A | N/A |
| Allows an application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether. | android.permission.PROCESS_OUTGOING_CALLS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Allows an application to read the user's calendar data. | android.permission.READ_CALENDAR | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an app to create windows using the type LayoutParams.TYPE_APPLICATION_OVERLAY, shown on top of all other apps. | android.permission.SYSTEM_ALERT_WINDOW | N/A | N/A |
| Allows an application to collect component usage statistics. | android.permission.PACKAGE_USAGE_STATS | N/A | N/A |
| Allows an application to read or write the system settings. | android.permission.WRITE_SETTINGS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 02:12
Reported
2024-06-09 02:15
Platform
android-x86-arm-20240603-en
Max time kernel
12s
Max time network
138s
Command Line
Signatures
Loads dropped Dex/Jar
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /data/user/0/com.epasufob.kybavfgt/files/dex/5ba6eb5002f180c9.zip | N/A | N/A |
Processes
com.epasufob.kybavfgt
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/com.epasufob.kybavfgt/files/dex/5ba6eb5002f180c9.zip

| Hash | Value |
| --- | --- |
| MD5 | b4cffe9e1e850db674b8360c64b57d75 |
| SHA1 | f538393f3ae2c14bb6f1f0aa33b0544709fb56d9 |
| SHA256 | 6c5834655a200497a66f0b7fa6fdccf4a0803e940789c1abb54501148fecf435 |
| SHA512 | cf15e56af5234447f1caf357ab8659d70dffd2ef2cae9596d5f510037ba0a00712316db58ff2dd6d8348990176f56d5b5027fc2b4a4123b848602455e451ec56 |
/data/user/0/com.epasufob.kybavfgt/files/dex/5ba6eb5002f180c9.zip

| Hash | Value |
| --- | --- |
| MD5 | e0d7369df2ea7ecebc70205bfb6edef7 |
| SHA1 | 2c39cad387047163608aa3a29ae978b7252e6448 |
| SHA256 | 3f52b585382c52dc33eca0a533a3fae045457fc23a7966958c9379d88b6dd617 |
| SHA512 | d6efcf5ffd7708a855fde8a366b15c84272a0e6340c30d2688ae6bd80997f3ec78747b3f10a6ba5bc7bfe3597988f19d54a31c0831bf8923a09d70da9673d7ad |
/data/data/com.epasufob.kybavfgt/files/449741.so

| Hash | Value |
| --- | --- |
| MD5 | a5840239547e86ff7233c95bf43e3fd1 |
| SHA1 | a76f73100e88f790bc4c802f08c3ce94ec11e8a2 |
| SHA256 | 8d3357f889f5f96aaf4dbdf854fc8585a72dd3830174ca6a108aeec0e067b973 |
| SHA512 | efcf40e66faab794a3c88aecc9900f26e060d259902517550228c404a05d9e386d4e95642fb35c4e16285f324e3c9f36a0173e6cc3bb63b96357d1ae05a0f926 |
/data/data/com.epasufob.kybavfgt/logs/Sistema1717899149312.log

| Hash | Value |
| --- | --- |
| MD5 | 8bfcd8086d57ddac3f3c956beb90107d |
| SHA1 | d44f55d75ee418f792492401c1bee44f882eea4d |
| SHA256 | 61742ad25110facafd845c03feff05a81c4f2486c5957d6e5d6a88b97f1384e4 |
| SHA512 | 2caeacaac5679a9009520a8ea22e8a6b26172ee9371f33eb6512d134fc1b719d41937c611d5fe42821a139e480185a59bcb8f7a8330007ecae9ef4b30f83bdac |