Analysis Overview
SHA256
7ed35ae9886107e71cafc427c5ec6dcbcd40c78e8a538c02697b538291fe5b13
Threat Level: Shows suspicious behavior
The file 7ed35ae9886107e71cafc427c5ec6dcbcd40c78e8a538c02697b538291fe5b13.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
Analysis: static1
Detonation Overview
Reported
2024-06-12 13:31
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 13:31
Reported
2024-06-12 13:35
Platform
android-x64-20240611.1-en
Max time kernel
48s
Max time network
145s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.169.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | fc68691110701a09ae3316b71e9aba4b |
| SHA1 | 82ef2be098b162e898f77b28e70eb35dc61aa07e |
| SHA256 | 5fbfc3aca9fb54f9bc698a75b023196055d7d0d6c1454aa517b2360bb58a1043 |
| SHA512 | 12b947635178386ad8c8ffae0b16a3af7b9be6f5645c8f07275083c1c4398fd0e37990012c51f01be07caf8341889bc4b3f988d2e0da6866ae1788698581b10f |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | c1296884151e8990266a4666ca035e88 |
| SHA1 | 2dfaa1cce9a92de3452363a2523b39cd7c772003 |
| SHA256 | 11357057e708838383e1b89e2c0c534cccdbf96388b07a524abef03f594e7e14 |
| SHA512 | 8f61a36febfca2521324628d6ee6155c3fce9d59e7f9a28f655a3195cfe439a6579e0bdac2d3c66d18c7411748beaad74b7c31709786f358151035f83f2dc1eb |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | 1a57b1969c500fed1f52345320a81dc6 |
| SHA1 | d4428783b1d95ead78c493d5aa04019dead30478 |
| SHA256 | 81dbe12ddf3013614a5868f40e1a3ef2a3483cfe853e44cd54507c312f14764e |
| SHA512 | ee5b8da50265bb36f5ac205a7ec18a5e064a7e6f174315d68e90f227bac0256f63730db9163d0f13264918128085cbaef71f882be821531b2c044581f3aa702d |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 13:31
Reported
2024-06-12 13:35
Platform
android-x64-arm64-20240611.1-en
Max time kernel
26s
Max time network
132s
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.179.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | fc68691110701a09ae3316b71e9aba4b |
| SHA1 | 82ef2be098b162e898f77b28e70eb35dc61aa07e |
| SHA256 | 5fbfc3aca9fb54f9bc698a75b023196055d7d0d6c1454aa517b2360bb58a1043 |
| SHA512 | 12b947635178386ad8c8ffae0b16a3af7b9be6f5645c8f07275083c1c4398fd0e37990012c51f01be07caf8341889bc4b3f988d2e0da6866ae1788698581b10f |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 543778302627277e6073e39a63191112 |
| SHA1 | 9c2bba358982f695796776cc542bb30c5707b419 |
| SHA256 | 5c2b5df79f158a3c2ed2caee49557d76e632e65c91e1b12934891393b939e317 |
| SHA512 | 6bda4a69dbed679df248b87cfcae4cb1e54face92ea100e2b8fbb98396848b8b84afbd0b93e6c5024c2b536b665d3a123cf97f56070dbb77218f6a44fa940f4d |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 13:31
Reported
2024-06-12 13:34
Platform
android-x86-arm-20240611.1-en
Max time kernel
47s
Max time network
131s
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.66.137:443 | code.jquery.com | tcp |
| US | 104.18.187.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.18.187.31:443 | cdn.jsdelivr.net | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | fc68691110701a09ae3316b71e9aba4b |
| SHA1 | 82ef2be098b162e898f77b28e70eb35dc61aa07e |
| SHA256 | 5fbfc3aca9fb54f9bc698a75b023196055d7d0d6c1454aa517b2360bb58a1043 |
| SHA512 | 12b947635178386ad8c8ffae0b16a3af7b9be6f5645c8f07275083c1c4398fd0e37990012c51f01be07caf8341889bc4b3f988d2e0da6866ae1788698581b10f |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 9da7665c17e609d5aab36365e4b1f80f |
| SHA1 | 4358908a409b292ca63171926c1a8a9742e66149 |
| SHA256 | 8940abd0e56434bf2d7ecf943a5b1f6d2aab4c903ee4da93f68e4b6001eff0ee |
| SHA512 | 49e3bf33c56c6f9b0d9c3fb0ca82ea1bb71aec894c3ab5c51cfa737c23bf63736498467bafbd35c52720cf638f9e9a3fff0d602e736474136a996ea4906e7091 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | c155643bf8eb382e7fa14b5ab2724958 |
| SHA1 | 343e1c5fd465f76f8139734794e89a09c87583bc |
| SHA256 | d10b803c88b966b73684f31cc154bdc77d9c72e01880b829df74a351f57ab5f8 |
| SHA512 | 25ccde51324ed45ecb762d5a3cf212b7b73ceff0be235c74348bb68df36f04073937fc2015d97f022d46a044a9ec4cfb4ab2dfabeda093113e7391ce8e890740 |
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | ae003b6b6afc483d317698afefe50fa8 |
| SHA1 | ab0b5c6cd9176cb855c57f334af55879aa84b3c7 |
| SHA256 | 7398667add273e8e3382fb5306366dfa8c2a75fdc89883e5c44a1a811fa999d7 |
| SHA512 | 9e831e5e5d937182dfa2aa9885157c1a365e47f555c4d1d72fa5be7b580fc44ad11309d589d195029ffe30a2892736323fcbdd37db3404ec8e1afcf37c9f7f3e |