Malware Analysis Report

2025-01-19 07:58

Sample ID 240610-regzcsygnn
Target Snapchat_12.90.0.46_APKPure.apk
SHA256 71a7644e0ca1b69c27e2d5f5030c7b7b32613741e97e8fe742223a3517e41725
Tags
discovery
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Mobile Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

71a7644e0ca1b69c27e2d5f5030c7b7b32613741e97e8fe742223a3517e41725

Threat Level: Shows suspicious behavior

The file Snapchat_12.90.0.46_APKPure.apk was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery

Queries information about running processes on the device

Declares services with permission to bind to the system

Requests dangerous framework permissions

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-10 14:07

Signatures

Declares services with permission to bind to the system

Description Indicator Process Target
Required by telecom connection services to bind with the system. Allows apps to manage phone call aspects such as call setup and notifications. android.permission.BIND_TELECOM_CONNECTION_SERVICE N/A N/A
Required by chooser target services to bind with the system. Allows apps to modify targets that handle user actions. android.permission.BIND_CHOOSER_TARGET_SERVICE N/A N/A

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to write to external storage. android.permission.WRITE_EXTERNAL_STORAGE N/A N/A
Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. android.permission.READ_PHONE_STATE N/A N/A
Allows an application to read from external storage. android.permission.READ_EXTERNAL_STORAGE N/A N/A
Allows an app to post notifications. android.permission.POST_NOTIFICATIONS N/A N/A
Required to be able to access the camera device. android.permission.CAMERA N/A N/A
Allows access to the list of accounts in the Accounts Service. android.permission.GET_ACCOUNTS N/A N/A
Allows an application to read the user's contacts data. android.permission.READ_CONTACTS N/A N/A
Allows read access to the device's phone number(s). android.permission.READ_PHONE_NUMBERS N/A N/A
Allows an app to access precise location. android.permission.ACCESS_FINE_LOCATION N/A N/A
Required to be able to discover and pair nearby Bluetooth devices. android.permission.BLUETOOTH_SCAN N/A N/A
Required to be able to connect to paired Bluetooth devices. android.permission.BLUETOOTH_CONNECT N/A N/A
Required to be able to advertise and connect to nearby devices via Wi-Fi. android.permission.NEARBY_WIFI_DEVICES N/A N/A
Allows an app to access location in the background. android.permission.ACCESS_BACKGROUND_LOCATION N/A N/A
Allows an application to read image files from external storage. android.permission.READ_MEDIA_IMAGES N/A N/A
Allows an application to read video files from external storage. android.permission.READ_MEDIA_VIDEO N/A N/A
Allows an application to read image or video files from external storage that a user has selected via the permission prompt photo picker. android.permission.READ_MEDIA_VISUAL_USER_SELECTED N/A N/A
Allows an application to record audio. android.permission.RECORD_AUDIO N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-10 14:06

Reported

2024-06-10 14:11

Platform

android-x64-arm64-20240603-en

Max time kernel

2s

Max time network

132s

Command Line

com.snapchat.android

Signatures

Queries information about running processes on the device

discovery
Description Indicator Process Target
Framework service call android.app.IActivityManager.getRunningAppProcesses N/A N/A

Processes

com.snapchat.android

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.179.238:443 tcp
GB 142.250.179.238:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 digitalassetlinks.googleapis.com udp
GB 142.250.180.10:443 digitalassetlinks.googleapis.com tcp
GB 142.250.180.4:443 tcp
GB 142.250.180.4:443 tcp

Files

/data/data/com.snapchat.android/files/cof-recovery-heuristic

MD5 c2cb6588cff28170f789a47c9f899463
SHA1 6bc5162bc2b56e3a2e283893d14ab3325695693c
SHA256 9e4ce09686a7050b362a06dcc04ec84bc644c3f6cdce07d3e24ae3259f877774
SHA512 300eecd13019e28ff7dc6e3fb25d46795a706b42db2865deac0e08ce8f5b2c9630c14714e6cb65ec05aab49687e918dabcbc52d705a05864d308bf64c10d1b1c