Malware Analysis Report

2024-09-09 16:21

Sample ID 240612-sb7w2sshqp
Target 565e1f02ee0024934819a1430db50ba6631470afb30868ddaf3499a6cdaa6a1a.bin
SHA256 565e1f02ee0024934819a1430db50ba6631470afb30868ddaf3499a6cdaa6a1a
Tags: discovery persistence collection credential_access impact
Score: 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 7/10

SHA256

565e1f02ee0024934819a1430db50ba6631470afb30868ddaf3499a6cdaa6a1a

Threat Level: Shows suspicious behavior

The file 565e1f02ee0024934819a1430db50ba6631470afb30868ddaf3499a6cdaa6a1a.bin, an Android application with package name com.google.massagg, was classified as showing suspicious behavior. Static analysis found a manifest that requests the full SMS permission group (RECEIVE_SMS, READ_SMS, SEND_SMS) and declares a service guarded by BIND_NOTIFICATION_LISTENER_SERVICE. Across the three detonations the sandbox additionally observed a clipboard-change listener, a broadcast receiver registered at runtime, a telephony country lookup and reads of /proc/cpuinfo and /proc/meminfo. Signature coverage differs by image: the clipboard listener fired only in the x64 and x64/ARM64 runs, and the country lookup and runtime receiver only in the x86/ARM and x64 runs, so the union of the three runs is the right view of the observed capabilities. All network activity in all three runs went to Google-operated names (android.apis.google.com, ssl.google-analytics.com, semanticlocation-pa.googleapis.com) or to unresolved HTTPS endpoints in Google's 142.250, 172.217 and 216.58 address blocks, plus the sandbox resolver (1.1.1.1) and mDNS multicast; no command-and-control endpoint was identified within the 131 to 169 second network windows, and the report records no SMS or notification activity.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 14:58

Signatures

Declares services with permission to bind to the system

Description: Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. Binding only happens after the user enables notification access for the app in Settings, so the capability is latent until then.
Indicator:   android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Process:     N/A
Target:      N/A

Requests dangerous framework permissions

Description: Allows an application to receive SMS messages.
Indicator:   android.permission.RECEIVE_SMS
Process:     N/A
Target:      N/A

Description: Allows an application to read SMS messages.
Indicator:   android.permission.READ_SMS
Process:     N/A
Target:      N/A

Description: Allows an application to send SMS messages.
Indicator:   android.permission.SEND_SMS
Process:     N/A
Target:      N/A

Taken together, the three SMS permissions give the app intercept, read and send access to SMS, which includes SMS-delivered one-time codes.
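The static findings above come from the APK's manifest. The script below is an added example, not tooling from this report or from the sample, that reproduces the check against a decoded AndroidManifest.xml (the form produced by apktool or androguard): it lists requested permissions from a dangerous set, finds services guarded by a system-bind permission, checks for a receiver wired to SMS_RECEIVED, and turns the combination into a rough triage score. The embedded manifest is constructed for illustration from the permissions the report lists; the component names (.NotifService, .SmsReceiver), the permission sets and the scoring weights are assumptions of the example, not findings about the sample.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR_NAME = f"{{{ANDROID_NS}}}name"
ATTR_PERM = f"{{{ANDROID_NS}}}permission"

# Permissions to flag (assumed set for this example; the SMS group is what the report lists).
DANGEROUS_PERMISSIONS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_CONTACTS",
}
# System-bind permissions that give a service privileged access once the user enables it.
BIND_PERMISSIONS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
}

# Constructed manifest for illustration; NOT the sample's real manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.google.massagg">
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="massagg">
        <service android:name=".NotifService"
                 android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
            <intent-filter>
                <action android:name="android.service.notification.NotificationListenerService"/>
            </intent-filter>
        </service>
        <receiver android:name=".SmsReceiver">
            <intent-filter>
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def audit_manifest(xml_text: str) -> dict:
    """Return package name, flagged permissions, system-bound services and SMS receivers."""
    root = ET.fromstring(xml_text)
    requested = {
        el.get(ATTR_NAME) for el in root.iter("uses-permission") if el.get(ATTR_NAME)
    }
    bound_services = [
        (svc.get(ATTR_NAME), svc.get(ATTR_PERM))
        for svc in root.iter("service")
        if svc.get(ATTR_PERM) in BIND_PERMISSIONS
    ]
    sms_receivers = [
        rc.get(ATTR_NAME)
        for rc in root.iter("receiver")
        if any(a.get(ATTR_NAME) == "android.provider.Telephony.SMS_RECEIVED"
               for a in rc.iter("action"))
    ]
    return {
        "package": root.get("package"),
        "dangerous": sorted(requested & DANGEROUS_PERMISSIONS),
        "bound_services": bound_services,
        "sms_receivers": sms_receivers,
    }


def score(findings: dict) -> int:
    """Crude 0-10 triage score; the weights are this example's assumption."""
    s = 0
    sms = {p for p in findings["dangerous"] if p.endswith("_SMS")}
    s += min(len(sms), 3) * 2          # up to 6 for the full SMS group
    if findings["bound_services"]:
        s += 2                          # notification/accessibility/admin binding declared
    if findings["sms_receivers"] and "android.permission.RECEIVE_SMS" in sms:
        s += 1                          # a receiver is actually wired to SMS_RECEIVED
    if (findings["package"] or "").startswith("com.google."):
        s += 1                          # heuristic: vendor-looking namespace (assumption, not a report finding)
    return min(s, 10)


if __name__ == "__main__":
    result = audit_manifest(SAMPLE_MANIFEST)
    print(result, "score:", score(result))
```

On a real APK, decode it first (for example `apktool d sample.apk`) and pass the contents of the resulting AndroidManifest.xml to audit_manifest; the binary manifest inside the APK is not parseable by ElementTree.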

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 14:58

Reported

2024-06-12 15:01

Platform

android-x86-arm-20240611.1-en

Max time kernel

23s

Max time network

169s

Command Line

com.google.massagg

Signatures

Queries the mobile country code (MCC)

Tactic:      discovery
Description: Framework service call; getNetworkCountryIsoForPhone returns the ISO country code of the current network operator, derived from its MCC
Indicator:   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process:     N/A
Target:      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tactic:      persistence
Description: Framework service call; a receiver registered this way is not declared in the manifest, so static analysis does not show which intents it listens for
Indicator:   android.app.IActivityManager.registerReceiver
Process:     N/A
Target:      N/A

Checks CPU information

Description: File opened for read; /proc/cpuinfo is commonly read for emulator and sandbox fingerprinting, but also by benign runtime libraries
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A

Checks memory information

Description: File opened for read
Indicator:   /proc/meminfo
Process:     N/A
Target:      N/A

Processes

com.google.massagg

Network

Country  Destination          Domain                              Proto
N/A      224.0.0.251:5353     -                                   udp
US       1.1.1.1:53           semanticlocation-pa.googleapis.com  udp
GB       216.58.212.238:443   -                                   tcp
US       1.1.1.1:53           android.apis.google.com             udp
GB       216.58.204.78:443    android.apis.google.com             tcp
(- : no domain attributed to the connection by the sandbox)

Files

/data/data/com.google.massagg/logs/20240612145848240.log

MD5 e61931fb2c6085a771f2015fd6e8ab0d
SHA1 dfcfffaaddcc52ca854a1659ef0e4e51044a4556
SHA256 b0e0a3edb9def923f9a55e4c6dc65f28c3201d9664e65015b0856426f7c1cd21
SHA512 88d7ec924f5e5fff229eb8fd78522a73d449d0dce4ccb4b6736dc8d39e32d728c7abafed7ff4e455fde23d4a2f6e6745decb81beebfd9821ee2c334d7200df58

/data/data/com.google.massagg/logs/20240612145848282.log

MD5 714b7e1b7bc7daca3a3e2be84553278d
SHA1 e8d93a15bafeff6b83d5201fd17869de3426cde5
SHA256 2eca76f6013ff7fd54e6f03eb4cdca8d284b555f4853d0f1c959eb06d897870e
SHA512 f40af7a550cb7a232c6d60cc6636afed171da526185ad955413bcb9a1014d34ed20b0f7d2e6c40cb16ffa2008e4912c3b791b15f97b4713fc212b4eebf98dc87

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

MD5 31f1eaf1f812267f0b9fa03228d1e699
SHA1 7e527ad5d4fa1d7d6a74671cda4a7ac912b1a8e5
SHA256 ccef27e0a364a4ff692e78c40a6092ba9d706998afbaa98e093ebc671acae907
SHA512 6ef26cfc56f97dde26644f521e565430dcf7035aec61379289e8eddd4e6d3637902fc5b8354daf20d458432c0169f3e101ce34e92bfb71fb204b9ca0623e3ebe

/data/data/com.google.massagg/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 b87647c089af7858212fff08104d768c
SHA1 153209a357a37e976652106340cc09a91f7bb680
SHA256 c1c90718e2e298ff528ba386ffc4f1e707fe265a48f066f750789403e36e78ed
SHA512 55345d978c1d7e49c2adab9fd52294fe64286d80cb96b9e8251621b30b71859211cdf700e6dff09ece9857d607192d93544077db4689a15eeffe7d26da8614bb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 fb144fed17c6896e1940b02200321996
SHA1 217fa6a62adb667d6909a15adf4e60f1131ede76
SHA256 4f543dcb048e761fd88811862717d4eb2e8619d997e99b095e6f45762a868ee7
SHA512 74f43fa221b12d880babb53c5336745859d6a00fc46c60d80f455d4bb775cc3089b50dd7c0afc5505a8f5bd71a963ab26b38358b38b62cdabc0019ce41612e00

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 14:58

Reported

2024-06-12 15:01

Platform

android-x64-20240611.1-en

Max time kernel

54s

Max time network

150s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

Tactic:      collection credential_access impact
Description: Framework service call; the listener is invoked on every clipboard change, so the app can read whatever the user copies (pasted credentials and one-time codes included) without a permission prompt. On Android 10 and later the clipboard is readable only while the app is in the foreground or is the default input method, which limits silent collection.
Indicator:   android.content.IClipboard.addPrimaryClipChangedListener
Process:     N/A
Target:      N/A

Queries the mobile country code (MCC)

Tactic:      discovery
Description: Framework service call (same lookup as in behavioral1)
Indicator:   com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process:     N/A
Target:      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tactic:      persistence
Description: Framework service call (same registration as in behavioral1)
Indicator:   android.app.IActivityManager.registerReceiver
Process:     N/A
Target:      N/A

Checks CPU information

Description: File opened for read
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A

Checks memory information

Description: File opened for read
Indicator:   /proc/meminfo
Process:     N/A
Target:      N/A

Processes

com.google.massagg

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
GB       142.250.179.234:443  -                          tcp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.187.232:443  ssl.google-analytics.com   tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       216.58.212.238:443   android.apis.google.com    tcp
GB       142.250.200.14:443   -                          tcp
GB       172.217.169.66:443   -                          tcp
GB       216.58.204.78:443    -                          tcp
GB       216.58.201.100:443   -                          tcp
GB       216.58.201.100:443   -                          tcp
(- : no domain attributed to the connection by the sandbox)

Files

/data/data/com.google.massagg/logs/20240612145850003.log

MD5 7b9d00f086238610ffd4f0b0d14f1208
SHA1 05d7a75d2c32afc6371f8ed2b532ec970fcc17b8
SHA256 8ec0f79f2fd32ac97ce1306809c0284a410024f5a895743df44e05986d499269
SHA512 5c4628b07657cf448537d469d4612667ae5bd62e3b55009192f77ac7586c3da585a907d28b3b7711b99ae6b24dfd6c0a853be607b8e39af6a28349462e141db2

/data/data/com.google.massagg/logs/20240612145850015.log

MD5 ad8c1b68baf3cd0bba166e361fceadaa
SHA1 6c9573da30285345608ad018302c00aaf92e82fd
SHA256 cd1cdfd8140711f12dad71e621bc3883ab3783edbd7a2559d15f808b4006f246
SHA512 6ab681cf59f4c6d97024d266185facb8269b31cbb6e83f34030797841cfe44b1f8c6746425be9ad647705ba8d4a91324ef64d47809d770d8215d6a1258b3ebee

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

MD5 f574e0fb696d9b360d8443f7e5a693af
SHA1 e83087eb24a761df3b54db80e8645571e958b9a8
SHA256 4bc52d79d0c34791d68bc8ee403e297e021d9ff3d33de7b85eb981af8abf6b17
SHA512 a0c1caf21eda6d85fad7b2a704d0cd1afcd72396c305ea4ef5be8cb3bb82177acf9b0ca55ccf15a615d37b5a14b664b699c9a82a2208addefd42d1ba2ebb1026

/data/data/com.google.massagg/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 2b56e7fbb60fd27a6193d5dfc4bd18ca
SHA1 ae8970c2aa9d778d595673742a7fe5eb5ad22dc9
SHA256 08692c334af1fdc52ac42d08093c55e0f02b872b37985d27d3c53ea993e4dc75
SHA512 377fb8945cfb81ba93c8e9d9526eeaa1c2a1d6a67ab148df26e3199d14b493964101450ade6502455ca4ffad0b8df2fa1d565fdda6a9a1380c51a08bb6508f74

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 cb8063f4fa5390bbba8cc561d0b30f8f
SHA1 f8874cc0fbae42e9318503332f6996508ffb6002
SHA256 7b9d3439425fd8235eae7e07530e10cb9b4efb4420e7ddf6e1e2185253bd2f61
SHA512 a9f0d13be69fe4520c1625da7076a37d374f7481868a2890af77b71061303cab9171de36576fa19f225b17092b6bdb18d0fce03fc46a4f7719c22cc91374e938

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 14:58

Reported

2024-06-12 15:01

Platform

android-x64-arm64-20240611.1-en

Max time kernel

89s

Max time network

131s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

Tactic:      collection credential_access impact
Description: Framework service call; the listener fires on every clipboard change and lets the app read copied text (see the same signature in behavioral2 for the Android 10+ foreground restriction)
Indicator:   android.content.IClipboard.addPrimaryClipChangedListener
Process:     N/A
Target:      N/A

Checks CPU information

Description: File opened for read
Indicator:   /proc/cpuinfo
Process:     N/A
Target:      N/A

Checks memory information

Description: File opened for read
Indicator:   /proc/meminfo
Process:     N/A
Target:      N/A

Processes

com.google.massagg

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
US       1.1.1.1:53           ssl.google-analytics.com   udp
GB       142.250.187.232:443  ssl.google-analytics.com   tcp
GB       142.250.187.238:443  -                          tcp
US       1.1.1.1:53           android.apis.google.com    udp
GB       172.217.16.238:443   android.apis.google.com    tcp
GB       142.250.179.228:443  -                          tcp
GB       142.250.179.228:443  -                          tcp
(- : no domain attributed to the connection by the sandbox)
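The three Network tables in this report list DNS lookups and connections in one flattened layout, with the Domain column present only where the sandbox attributed a name. The script below is an added example, not part of the report, that parses rows in that layout, discards the sandbox's own mDNS and resolver traffic, maps resolved names to endpoints and leaves a list of unresolved HTTPS endpoints that still need attribution (passive DNS or the TLS SNI from the pcap). The embedded rows are copied from the behavioral2 table; treating 1.1.1.1:53 and 224.0.0.251:5353 as platform noise is an assumption about this sandbox, not a finding.

```python
import ipaddress
import re
from collections import defaultdict

# Rows copied from the behavioral2 Network table of this report. The Domain
# column is absent on rows where the sandbox attributed no name.
NETWORK_ROWS = """\
N/A 224.0.0.251:5353 udp
GB 142.250.179.234:443 tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 142.250.187.232:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.200.14:443 tcp
GB 172.217.169.66:443 tcp
GB 216.58.204.78:443 tcp
GB 216.58.201.100:443 tcp
GB 216.58.201.100:443 tcp
"""

# Country, IPv4:port, optional domain (must contain a dot, so 'tcp'/'udp' never match it), proto.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+))?"
    r"\s+(?P<proto>tcp|udp)$"
)

# Assumed platform noise for this sandbox: its DNS resolver and mDNS multicast.
RESOLVER = "1.1.1.1"
MDNS = ("224.0.0.251", 5353)


def parse_rows(text: str) -> list:
    """Parse 'Country Destination [Domain] Proto' lines into dicts."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsable row: {line!r}")
        row = m.groupdict()
        row["port"] = int(row["port"])
        rows.append(row)
    return rows


def triage(rows: list) -> dict:
    """Separate DNS lookups, resolved connections and unresolved endpoints."""
    dns_names = set()
    resolved = defaultdict(set)   # ip -> {domain}
    unresolved = set()
    noise = 0
    for r in rows:
        ip, port = r["ip"], r["port"]
        if (ip, port) == MDNS:
            noise += 1
            continue
        if ip == RESOLVER and port == 53:
            if r["domain"]:
                dns_names.add(r["domain"])   # the name that was looked up
            noise += 1
            continue
        if r["domain"]:
            resolved[ip].add(r["domain"])
        else:
            unresolved.add(f"{ip}:{port}")
    # An endpoint the sandbox named on another row is not unresolved.
    unresolved = {e for e in unresolved if e.split(":")[0] not in resolved}
    return {
        "dns_names": sorted(dns_names),
        "resolved": {ip: sorted(names) for ip, names in resolved.items()},
        "unresolved": sorted(unresolved,
                             key=lambda e: ipaddress.ip_address(e.split(":")[0])),
        "noise_rows": noise,
    }


if __name__ == "__main__":
    summary = triage(parse_rows(NETWORK_ROWS))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

For the behavioral2 rows this leaves five unresolved HTTPS endpoints and two attributed names; the unresolved list is what to run against passive DNS or the capture's TLS ClientHello SNI values before deciding whether any of it is sample-specific rather than Play Services background traffic.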

Files

/data/data/com.google.massagg/logs/20240612145857792.log

MD5 103c2d69a542af773e43fa12860d0184
SHA1 be4daf44eab2441f7ccd37dc4f432545e0eca4cf
SHA256 6a1212afbb01ecd7f5d8b17f4e8a514e0ac8c2bf2c4945410860b9ed9ba4fa70
SHA512 6bd348e6a0f969d280cce7c2de0eef79cd10b0009451dec454888617954c52950e101814132e60936dd70f2181c1c5180fb9e6ce2aa57ca883aebe6337677197

/data/data/com.google.massagg/logs/20240612145857794.log

MD5 f1bf63cc76fc928e0ef4cce786fe7ee8
SHA1 f8ba5ba81426913ad0dc0c75a7700b45ce963257
SHA256 eff4ae1810b3611eab3a813f68c9572ae5e7e9fac529142d0ecacf67dc014522
SHA512 428c53916f7706ee96509a996f01be9e1e77b983044821795cbb72716d0d7e9dd4d41d87e7fb2b2c0490385473750fd6f1cc667cc0f17ac6a8ae3c7ddbbc265d

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

MD5 546a5b711c40e75c52eeaed082fc4d82
SHA1 36aa0e7dc71298b0fad5f7bf431faeeec8bb65a8
SHA256 26056cdc1219d31f04361908382d55160cf3a7a71fe523fe9c10ddaaf6c8cfc9
SHA512 347c7c0a1f8dff7bb58b44f86dfd61cd291cb00c34e142a12e476227bfe77d2f73aaf2fa8aa817be06eda72b42f0c7b28e73ce31f8008fa6c85e578f59d40a9f

/data/data/com.google.massagg/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 47df348e2512ca3732982b53ddacd4df
SHA1 e291a99b01b915afc05f75e88aa93c5f1830d6a3
SHA256 5ae0e3d23facc2c110f310c24b12e3fcba8f549d0dda75a5719210297ef25509
SHA512 8512be43c2a6ee726d1211d02c366dbc1e7dce30c1d0d8287ad36858bc9b81ddb887329093f804cd9c4995e3545b72cdf8e528bb41f5c1148d249ec1a714a616

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

MD5 7a0b40437771539f6d19fdbb22d845c2
SHA1 8db01fa2944eea19629be5e793c9e64f7f1d7fd3
SHA256 b3d4e31abbbe3d7e5ef8789519fa6290c4ed2429e58644edc57e36406ab12ad7
SHA512 0a7bfc5cd23ccbd05c01c1a7ab7f03375b5463791cccafd650837294566402c465a4a1d660527bd0f91c41c9d62e073e7f4760c9d223228f335e6e17d845c981
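The Files sections of the three detonations report the same androidx.work.workdb-shm hash in every run and the same androidx.work.workdb hash in two of them, while every log file hash is unique to its run. The script below is an added example, not part of the report, that consolidates such records across runs and decides which hashes are reusable as indicators: it groups by SHA-256, flags hashes shared across runs, and tests whether a shared hash is simply that of an all-zero 32 KiB buffer (the size at which SQLite creates a WAL-index file). The record list is copied from the report with one log file per run; the zero-buffer check and the "present in every run" rule are the example's own criteria.

```python
import hashlib
from collections import defaultdict

PKG_DIR = "/data/data/com.google.massagg"

# (run, path, sha256) copied from the Files sections of the three detonations;
# one log file per run is kept to show that those hashes never repeat.
RECORDS = [
    ("behavioral1", f"{PKG_DIR}/logs/20240612145848240.log",
     "b0e0a3edb9def923f9a55e4c6dc65f28c3201d9664e65015b0856426f7c1cd21"),
    ("behavioral1", f"{PKG_DIR}/no_backup/androidx.work.workdb",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
    ("behavioral1", f"{PKG_DIR}/no_backup/androidx.work.workdb-shm",
     "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
    ("behavioral2", f"{PKG_DIR}/logs/20240612145850003.log",
     "8ec0f79f2fd32ac97ce1306809c0284a410024f5a895743df44e05986d499269"),
    ("behavioral2", f"{PKG_DIR}/no_backup/androidx.work.workdb",
     "0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514"),
    ("behavioral2", f"{PKG_DIR}/no_backup/androidx.work.workdb-shm",
     "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
    ("behavioral3", f"{PKG_DIR}/logs/20240612145857792.log",
     "6a1212afbb01ecd7f5d8b17f4e8a514e0ac8c2bf2c4945410860b9ed9ba4fa70"),
    ("behavioral3", f"{PKG_DIR}/no_backup/androidx.work.workdb",
     "9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad"),
    ("behavioral3", f"{PKG_DIR}/no_backup/androidx.work.workdb-shm",
     "c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479"),
]

SHM_SIZE = 32 * 1024  # SQLite creates the WAL-index (-shm) file at 32 KiB


def shared_hashes(records):
    """Map each SHA-256 seen in more than one run to the sorted list of those runs."""
    runs_by_sha = defaultdict(set)
    for run, _path, sha in records:
        runs_by_sha[sha].add(run)
    return {sha: sorted(runs) for sha, runs in runs_by_sha.items() if len(runs) > 1}


def is_zero_filled(sha256_hex, size):
    """True if the hash is that of `size` NUL bytes, i.e. an untouched empty buffer."""
    return hashlib.sha256(b"\x00" * size).hexdigest() == sha256_hex


def per_run_unique(records):
    """Paths whose hash occurred in exactly one run (here the per-run log files)."""
    runs_by_sha = defaultdict(set)
    for run, _path, sha in records:
        runs_by_sha[sha].add(run)
    return sorted(path for _run, path, sha in records if len(runs_by_sha[sha]) == 1)


def reusable_indicators(records):
    """Hashes present in every run that are not just a zero-filled buffer."""
    all_runs = {run for run, _path, _sha in records}
    return sorted(
        sha for sha, runs in shared_hashes(records).items()
        if set(runs) == all_runs and not is_zero_filled(sha, SHM_SIZE)
    )


if __name__ == "__main__":
    print("shared:", shared_hashes(RECORDS))
    print("unique to one run:", per_run_unique(RECORDS))
    print("reusable indicators:", reusable_indicators(RECORDS))
```

Run against this report the result is empty: the only hash seen in all three runs is the zero-filled -shm file, the WorkManager database matched in two runs and changed in the third, and the log files differ every run. None of the dropped-file hashes here is worth carrying into a detection rule; the manifest permissions and the package name are the stable artifacts.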