Analysis Overview
SHA256
071eaf49198b671df78c82fabe24851adfeb4b3f9e0d1f384bfd07663dd4113f
Threat Level: Shows suspicious behavior
The file 071eaf49198b671df78c82fabe24851adfeb4b3f9e0d1f384bfd07663dd4113f.bin was classified as: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 17:06
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 17:06
Reported
2024-06-12 17:09
Platform
android-x86-arm-20240611.1-en
Max time kernel
47s
Max time network
149s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 2fd51c2351b0f2eaa881142f88221c56 |
| SHA1 | ff7970a3b6d375f4792c7f281e83f6ba750fa2b6 |
| SHA256 | 703a20a4e8af234859019c7dd9f879ac5b25f28d0e729afe1a09b03d9de9a50f |
| SHA512 | a7dc50d4e5c175b150f88d8af6221fc565ec41d230f4a66f34fc5ab82f38a45a545e9332e75187702e10720d3b2e69269f008ea14e178a03eb1ae43883c3e0d0 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 74890a4339bbacb9033bb5a2361247f8 |
| SHA1 | c1d0d899e7208fad85dd6a4144d9cae7478317fa |
| SHA256 | a9d13134240e50d287565c61cf5df5a238d3db804099b4bb003389c1d7e0c980 |
| SHA512 | 3ba8784133f4d489fb6ba632b149d601be534058463fbbca16d7ba1ec192cbcf98819ff74477b86338b5d37b32b9a82b4f3f32cd5a4baa2c93d69508ffcf0e87 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | 35ee10a5f94e7f16f7444b4a92ae5d0b |
| SHA1 | 09fb897daaf7c64313b22bfd1ab595f4e6417ef1 |
| SHA256 | a9924718a7f84967c9908eb9fdbbb0c75d09204c80f7be0a1448a77164376c4a |
| SHA512 | 0e622dc7eb54c7809bd3558375e5d7af731641e8f78e9fc26890c280f29b5ac112d386980af86733c90aaacfba2ad1c41cdeaba83c0aec274009af0ccf3d1b81 |
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 1e728250c012e94e2355e7057a113b80 |
| SHA1 | eaaabea18b89f4c104d5ebddf728c09edddfe508 |
| SHA256 | a31256d4a5fc50024f80997156db4d2baa2986b6bb3122e1c263603843d98bf6 |
| SHA512 | 4b01b39b3172640369783e6243735c946aeba4c448e774a2ffab5840cbce26826f71252b6aa755e7e4504ca277528093dffb7b2d5729ee1b85178237926fa28f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 17:06
Reported
2024-06-12 17:09
Platform
android-x64-20240611.1-en
Max time kernel
26s
Max time network
151s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.2.137:443 | code.jquery.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 2fd51c2351b0f2eaa881142f88221c56 |
| SHA1 | ff7970a3b6d375f4792c7f281e83f6ba750fa2b6 |
| SHA256 | 703a20a4e8af234859019c7dd9f879ac5b25f28d0e729afe1a09b03d9de9a50f |
| SHA512 | a7dc50d4e5c175b150f88d8af6221fc565ec41d230f4a66f34fc5ab82f38a45a545e9332e75187702e10720d3b2e69269f008ea14e178a03eb1ae43883c3e0d0 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 68cef98a81b3d56713210e2b41b36e74 |
| SHA1 | cde241715804a40067a3b58ae6198f85d82e4421 |
| SHA256 | b6cc7f95fd873e6797036bd16e020404b8da205ac27663192235fd1b9b78f107 |
| SHA512 | 24b1a6f70046a8b50c9db2ee88a4e72a3938d7940ad4e2988aa7598d7b9cabc5af3923cc19f4e01e2a36965b11f8f1e741b2472e206f37936a5461aaf458f006 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | 140c56d9159e99e1ce7681685ded2ab4 |
| SHA1 | 82c032962301a55b05feb1992b4b6ceb946565b9 |
| SHA256 | 3ad2d65184d20dbd253a5ff871bcd0ea98ec9f67d850161a7b90c08aedc059e7 |
| SHA512 | 01be1d559e0e23eaa6bafd51c972169ef68d865b860d43909c5a60fc01d3fe231f815dc5624b52d6593041d79aef178c8b1b140acb8105459e1c7983f2f636e0 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 17:06
Reported
2024-06-12 17:09
Platform
android-x64-arm64-20240611.1-en
Max time kernel
122s
Max time network
132s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 2fd51c2351b0f2eaa881142f88221c56 |
| SHA1 | ff7970a3b6d375f4792c7f281e83f6ba750fa2b6 |
| SHA256 | 703a20a4e8af234859019c7dd9f879ac5b25f28d0e729afe1a09b03d9de9a50f |
| SHA512 | a7dc50d4e5c175b150f88d8af6221fc565ec41d230f4a66f34fc5ab82f38a45a545e9332e75187702e10720d3b2e69269f008ea14e178a03eb1ae43883c3e0d0 |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 14ad1bda90e32dbd1fbe8cdd260eca40 |
| SHA1 | b258f3a4210183b2d6f4758cc4fb31f80d494248 |
| SHA256 | 251d7f35581a31397dd5024710f03159d586f2e360478cd15d828094dce3f1ca |
| SHA512 | 4d1d13767a77dcce0c94ffc70d7433d3edee1272ec62cc1cdfa7dd83b86d78cb35defa8bcc16563fd771b4a3fb8103df0f430bbb6600c88b914244a4af715866 |