Malware Analysis Report

2025-01-19 07:54

Sample ID 240610-l35sfagb79
Target meta5.apk
SHA256 d074ef1892094b0fdd31d11262186f8c269008e7e44307540856f93578beca30
Tags
discovery evasion execution persistence
score
8/10

Analysis Overview

Threat Level: Likely malicious

The file meta5.apk was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution persistence

Checks if the Android device is rooted.

Checks Android system properties for emulator presence.

Requests dangerous framework permissions

Queries information about active data network

Queries the mobile country code (MCC)

Acquires the wake lock

Registers a broadcast receiver at runtime (usually for listening for system events)

Schedules tasks to execute at a specified time

Checks memory information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 10:04

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 10:04

Reported

2024-06-10 10:10

Platform

android-x86-arm-20240603-en

Max time kernel

298s

Max time network

334s

Command Line

net.metaquotes.metatrader5

Signatures

Checks if the Android device is rooted.

evasion
Description Indicator Process Target
N/A /sbin/su N/A N/A
N/A /system/app/Superuser.apk N/A N/A

Checks Android system properties for emulator presence.

evasion
Description Indicator Process Target
Accessed system property key: ro.product.device N/A N/A
Accessed system property key: ro.serialno N/A N/A
Accessed system property key: ro.product.name N/A N/A

Acquires the wake lock

Description Indicator Process Target
Framework service call android.os.IPowerManager.acquireWakeLock N/A N/A

Queries information about active data network

discovery
Description Indicator Process Target
Framework service call android.net.IConnectivityManager.getActiveNetworkInfo N/A N/A

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Schedules tasks to execute at a specified time

execution persistence
Description Indicator Process Target
Framework service call android.app.job.IJobScheduler.schedule N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

net.metaquotes.metatrader5

Network


Files
