Analysis Overview
SHA256
bf2e33a85547bdc0c2c24bed5ee59c89b0fa1b9bd7ec33eaed8c57e8f4937d8b
Threat Level: Shows suspicious behavior
The file bf2e33a85547bdc0c2c24bed5ee59c89b0fa1b9bd7ec33eaed8c57e8f4937d8b.bin was found to show suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 16:19
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 16:19
Reported
2024-06-12 16:22
Platform
android-x64-20240611.1-en
Max time kernel
171s
Max time network
153s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.usat.campuspro
Network
Files
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof
/data/data/com.usat.campuspro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.usat.campuspro/files/profileInstalled
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 16:19
Reported
2024-06-12 16:22
Platform
android-x64-arm64-20240611.1-en
Max time kernel
58s
Max time network
150s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.usat.campuspro
Network
Files
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof
/data/data/com.usat.campuspro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 16:19
Reported
2024-06-12 16:22
Platform
android-x86-arm-20240611.1-en
Max time kernel
174s
Max time network
158s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.usat.campuspro
Network
Files
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof
/data/data/com.usat.campuspro/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/com.usat.campuspro/files/profileInstalled
/data/misc/profiles/cur/0/com.usat.campuspro/primary.prof