Analysis Overview
score
7/10
SHA256
71a7644e0ca1b69c27e2d5f5030c7b7b32613741e97e8fe742223a3517e41725
Threat Level: Shows suspicious behavior
The file Snapchat_12.90.0.46_APKPure.apk was found to be: Shows suspicious behavior.
Malicious Activity Summary
Queries information about running processes on the device
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-10 14:07
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. | android.permission.BIND_TELECOM_CONNECTION_SERVICE | N/A | N/A |
| Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions. | android.permission.BIND_CHOOSER_TARGET_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to write to external storage. | android.permission.WRITE_EXTERNAL_STORAGE | N/A | N/A |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read from external storage. | android.permission.READ_EXTERNAL_STORAGE | N/A | N/A |
| Allows an app to post notifications. | android.permission.POST_NOTIFICATIONS | N/A | N/A |
| Required to be able to access the camera device. | android.permission.CAMERA | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A |
| Required to be able to discover and pair nearby Bluetooth devices. | android.permission.BLUETOOTH_SCAN | N/A | N/A |
| Required to be able to connect to paired Bluetooth devices. | android.permission.BLUETOOTH_CONNECT | N/A | N/A |
| Required to be able to advertise and connect to nearby devices via Wi-Fi. | android.permission.NEARBY_WIFI_DEVICES | N/A | N/A |
| Allows an app to access location in the background. | android.permission.ACCESS_BACKGROUND_LOCATION | N/A | N/A |
| Allows an application to read image files from external storage. | android.permission.READ_MEDIA_IMAGES | N/A | N/A |
| Allows an application to read video files from external storage. | android.permission.READ_MEDIA_VIDEO | N/A | N/A |
| Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. | android.permission.READ_MEDIA_VISUAL_USER_SELECTED | N/A | N/A |
| Allows an application to record audio. | android.permission.RECORD_AUDIO | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 14:06
Reported
2024-06-10 14:11
Platform
android-x64-arm64-20240603-en
Max time kernel
2s
Max time network
132s
Command Line
com.snapchat.android
Signatures
Queries information about running processes on the device
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.getRunningAppProcesses | N/A | N/A |
Processes
com.snapchat.android
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.179.238:443 | tcp | |
| GB | 142.250.179.238:443 | tcp | |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | digitalassetlinks.googleapis.com | udp |
| GB | 142.250.180.10:443 | digitalassetlinks.googleapis.com | tcp |
| GB | 142.250.180.4:443 | tcp | |
| GB | 142.250.180.4:443 | tcp |
Files
/data/data/com.snapchat.android/files/cof-recovery-heuristic
| MD5 | c2cb6588cff28170f789a47c9f899463 |
| SHA1 | 6bc5162bc2b56e3a2e283893d14ab3325695693c |
| SHA256 | 9e4ce09686a7050b362a06dcc04ec84bc644c3f6cdce07d3e24ae3259f877774 |
| SHA512 | 300eecd13019e28ff7dc6e3fb25d46795a706b42db2865deac0e08ce8f5b2c9630c14714e6cb65ec05aab49687e918dabcbc52d705a05864d308bf64c10d1b1c |