Malware Analysis Report

2025-01-19 07:52

Sample ID: 240609-cn3vvscg34
Target: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9
SHA256: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9
Tags: evasion
Score: 7/10

Analysis Overview

Score: 7/10
SHA256: 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9

Threat Level: Shows suspicious behavior

The file 1a4684d5feb0f9691193460ce3fbed6df42b21cdb4ff4d39c89477e26481d3e9 was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tag: evasion

Loads dropped Dex/Jar
Requests dangerous framework permissions

Analysis: static1

Detonation Overview

Reported: 2024-06-09 02:16

Signatures

Requests dangerous framework permissions

Description                                          Indicator                                    Process  Target
Allows an app to access approximate location.        android.permission.ACCESS_COARSE_LOCATION    N/A      N/A
Allows an app to access precise location.            android.permission.ACCESS_FINE_LOCATION      N/A      N/A
Allows an app to access location in the background.  android.permission.ACCESS_BACKGROUND_LOCATION N/A     N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-09 02:14
Reported: 2024-06-09 02:24
Platform: android-x86-arm-20240603-en
Max time kernel: 8s
Max time network: 132s

Command Line

org.traccar.client

Signatures

N/A

Processes

org.traccar.client

Network

Country  Destination            Domain                              Proto
N/A      224.0.0.251:5353       N/A                                 udp
US       1.1.1.1:53             semanticlocation-pa.googleapis.com  udp
GB       142.250.187.206:443    N/A                                 tcp
US       1.1.1.1:53             android.apis.google.com             udp
GB       142.250.200.46:443     android.apis.google.com             tcp
GB       172.217.169.10:443     semanticlocation-pa.googleapis.com  tcp

Files

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/org.traccar.client/files/profileInstalled


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-09 02:14
Reported: 2024-06-09 02:24
Platform: android-x64-20240603-en
Max time kernel: 47s
Max time network: 154s

Command Line

org.traccar.client

Signatures

N/A

Processes

org.traccar.client

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353       N/A                        udp
GB       142.250.187.234:443    N/A                        tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       142.250.187.238:443    android.apis.google.com    tcp
GB       172.217.169.14:443     N/A                        tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       142.250.179.228:443    N/A                        tcp
GB       142.250.179.228:443    N/A                        tcp
GB       142.250.179.238:443    N/A                        tcp
GB       142.250.200.34:443     N/A                        tcp

Files

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

/data/data/org.traccar.client/files/profileInstalled

/data/misc/profiles/cur/0/org.traccar.client/primary.prof


Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-09 02:14
Reported: 2024-06-09 02:24
Platform: android-x64-arm64-20240603-en
Max time kernel: 8s
Max time network: 134s

Command Line

org.traccar.client

Signatures

Loads dropped Dex/Jar

Tag: evasion

Description  Indicator                                          Process  Target
N/A          /system_ext/framework/androidx.window.sidecar.jar  N/A      N/A
N/A          /system_ext/framework/androidx.window.sidecar.jar  N/A      N/A

Processes

org.traccar.client

Network

Country  Destination            Domain                     Proto
N/A      224.0.0.251:5353       N/A                        udp
GB       142.250.200.42:443     N/A                        tcp
GB       142.250.200.42:443     N/A                        tcp
GB       142.250.187.238:443    N/A                        tcp
US       1.1.1.1:53             android.apis.google.com    udp
GB       142.250.187.238:443    android.apis.google.com    tcp
US       1.1.1.1:53             ssl.google-analytics.com   udp
GB       142.250.187.232:443    ssl.google-analytics.com   tcp
GB       172.217.169.68:443     N/A                        tcp
GB       172.217.169.68:443     N/A                        tcp

Files

/system_ext/framework/androidx.window.sidecar.jar

/data/misc/profiles/cur/0/org.traccar.client/primary.prof

/data/data/org.traccar.client/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
