Analysis Overview
SHA256
a0b17ad3193e1397dd56581a75b0d61f986e5d4ac58f393b2d9c4bd5f2065b3d
Threat Level: Shows suspicious behavior
The file a0b17ad3193e1397dd56581a75b0d61f986e5d4ac58f393b2d9c4bd5f2065b3d.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 14:07
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 14:07
Reported
2024-06-12 14:11
Platform
android-x86-arm-20240611.1-en
Max time kernel
176s
Max time network
137s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 77.105.166.215:8080 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | fc2dd91999a4738081038b9e8b968131 |
| SHA1 | 2dc1d95421f4a02f8aa319dfd834802121ce773f |
| SHA256 | 4c5094084345cca53f7207446630b9859532b255a3a6e37475440fb6bdd263dd |
| SHA512 | 9bcf8d84bd7e33335bb8a2fdcc7fec25ceccc3ac506e9cca59a5c71fb018bbb35d37a2ce927cd6ea082c6a23a98fee42c87dbde09ed9dcdc4846c432c4479360 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | 4add075a539837f287687e41d4ce1bc0 |
| SHA1 | 79a784e4d7d3e9c40560390af1178cdf317e3e70 |
| SHA256 | eea4f85e33a0c19788b70b00938cbcf68806d6c96e7a80b866873a9e07f0b20f |
| SHA512 | bf73c9963ec426295c872226bc999d4e6cdd3318a2ab74cc55770e38947c95bc256204a78e0b739dff9615d443378b7111a3775d1bd0e4f1a651e4410f72e420 |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | 18afc1b66c88fd61f9b4777dca5c8f34 |
| SHA1 | 6035abdb1680330a37b7e0284111c219d79ea9e4 |
| SHA256 | a4bcb0d9b4591de0cf463f40c0af7246bbae95a3f5dad54835c4c9e7a1fccaf4 |
| SHA512 | edfe9a9fddfa9c5e0c4696458b7369fa11dce302afad605b8dcd486509c04ab4540260ed4bdc79edaf6c887498f22683a869ec509feb1d22b6467a86e644766e |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 8ccd0029ff420dd0bfef10ac2a7134a1 |
| SHA1 | 5754c169e0df4a4e0613c55a35c19a75930620e8 |
| SHA256 | 0535eb0f8b2afacd265b2d2436f2d5ea4cacb8f884e9d9191dfe32b356b440dd |
| SHA512 | 1eafb0bb5972f46f6207e86bafd7af6d8560695e1a4d5f237ee520b09ad6e9460ce6162fccdca55e4effd633ceea201d2b2cba1b48b5315e83c20c11fe4acac4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 14:07
Reported
2024-06-12 14:11
Platform
android-x64-20240611.1-en
Max time kernel
175s
Max time network
152s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 172.217.169.46:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 172.217.16.226:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | fc2dd91999a4738081038b9e8b968131 |
| SHA1 | 2dc1d95421f4a02f8aa319dfd834802121ce773f |
| SHA256 | 4c5094084345cca53f7207446630b9859532b255a3a6e37475440fb6bdd263dd |
| SHA512 | 9bcf8d84bd7e33335bb8a2fdcc7fec25ceccc3ac506e9cca59a5c71fb018bbb35d37a2ce927cd6ea082c6a23a98fee42c87dbde09ed9dcdc4846c432c4479360 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | f9b897a387665072b3a4ac70a27149d4 |
| SHA1 | ea81458ec0805a49b918670689e3b68b0fee40de |
| SHA256 | be7d8400035528ec8033d7b41fc062c7d7f8390d9e142016e9f54eadd37c26e4 |
| SHA512 | 3aab61505baa8e3bd55dd733d03e67dfbadc9a5cb0bdbfedcd4e2dcba30a527bdb1e1f5794370ff5f0f4e9f993954b4144e4bea972eca92db14aea649dc0f416 |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
| --- | --- |
| MD5 | e1d06466a6389d8cd6fe41d1ad8b06f8 |
| SHA1 | bacc55f3513b5f86e3e9eff872d7b088f54c49f2 |
| SHA256 | 5114d5ab85fe71c9934f29c7ebfeefd7fe7e2bb6c1804d9942d875b8bc4ef4a0 |
| SHA512 | 59dbb35e3e00db018211af38252bf940dd8060e64b4de6830917afc56d5d4b2d430e6fd5aefb425f54c2d05d80bb6be59e5c29b502392cc7b0d4b23b1164c6a4 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 8367586d5c7b23b5b3b9c54f85faf1b2 |
| SHA1 | 3f3c14172dc1e9fd127aa8e6a44ccb7066461b67 |
| SHA256 | bcfb33c57999834ee5970c081359bd7c92834a20a7743615dde03a2d8c93bdd1 |
| SHA512 | 46015cf6ee514af294fea67ce8a61abca1961666bfb7971f98a75a0246f664597bfbf9058921cfcf8de886f24d779cef723b7c97d4df1a87f96be9400641b1b4 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 14:07
Reported
2024-06-12 14:11
Platform
android-x64-arm64-20240611.1-en
Max time kernel
175s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 77.105.166.215:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | fc2dd91999a4738081038b9e8b968131 |
| SHA1 | 2dc1d95421f4a02f8aa319dfd834802121ce773f |
| SHA256 | 4c5094084345cca53f7207446630b9859532b255a3a6e37475440fb6bdd263dd |
| SHA512 | 9bcf8d84bd7e33335bb8a2fdcc7fec25ceccc3ac506e9cca59a5c71fb018bbb35d37a2ce927cd6ea082c6a23a98fee42c87dbde09ed9dcdc4846c432c4479360 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
| --- | --- |
| MD5 | f5be1ffcc476fccf903d5af8a15cfde1 |
| SHA1 | ba491fdec5459a3913de441dbcf76e564df99eb4 |
| SHA256 | 99c484be0c364f8d998b5e1415e9629b782018ff7e489682efd27536bbfd5237 |
| SHA512 | b854c4fcaba851a34507fad67ffeb01206394bcba2ccb2b0ff7281cb78af8080a976231b781581e383daa813037e9ddd82c1bac25699250af61fcd1a62177b87 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
| --- | --- |
| MD5 | 4d8b829d254310c960cc3b01f9e25776 |
| SHA1 | 92dddd9f8925a819f52f19330ee9c92b55cd7f90 |
| SHA256 | 29733ed2215d33e2db422ac7b803662f5c94aa6bad0c63d01abe7773decca252 |
| SHA512 | 687c96720966ac3c0d332859678f556d9cc99975ea414fc46827882f13cf6c955c8c9ac36c8869ab6f56bb329849c99af561caa83878e3dfc7e3922a36dc0899 |