Malware Analysis Report

2024-09-09 16:16

Sample ID 240612-w11qtavdrb
Target 459dd0eb903486e9c93ffa9f5114d0a7dbc16c6edf1403e2225ab4cac3e2ac08.bin
SHA256 459dd0eb903486e9c93ffa9f5114d0a7dbc16c6edf1403e2225ab4cac3e2ac08
Tags
discovery persistence collection credential_access impact
score
7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
7/10

SHA256

459dd0eb903486e9c93ffa9f5114d0a7dbc16c6edf1403e2225ab4cac3e2ac08

Threat Level: Shows suspicious behavior

The file 459dd0eb903486e9c93ffa9f5114d0a7dbc16c6edf1403e2225ab4cac3e2ac08.bin, an Android application that the behavioral runs launch as package com.indosk.sensidkk, was classified as showing suspicious behavior (score 7/10). The static pass found the full SMS permission set declared (RECEIVE_SMS, READ_SMS, SEND_SMS); two of the three detonations registered a clipboard change listener; all three read /proc/cpuinfo and /proc/meminfo and contacted surveyheart.com, an S3 bucket in ap-south-1 and Sentry / Google Analytics telemetry endpoints. No ATT&CK technique was mapped (the matrix below is N/A), so the category tags are the sandbox's own signature tags.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

Checks CPU information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:24

Signatures

Requests dangerous framework permissions

Description Indicator Process Target
Allows an application to receive SMS messages. android.permission.RECEIVE_SMS N/A N/A
Allows an application to read SMS messages. android.permission.READ_SMS N/A N/A
Allows an application to send SMS messages. android.permission.SEND_SMS N/A N/A

All three belong to Android's SMS runtime-permission group: once granted they let the app see incoming messages (including one-time codes), read the message store and send messages without further prompts. The static signature records only that they are declared in the manifest; none of the behavioral runs below raised an SMS-related signature, so whether they were granted or exercised during detonation is not shown.
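The static finding above is the kind of thing a decoded manifest answers directly. The following is an added example, not the sandbox's tooling: it parses a decoded AndroidManifest.xml (as apktool or aapt2 produce), groups the declared runtime ("dangerous") permissions, and looks for receivers that filter the SMS_RECEIVED broadcast. The manifest is constructed: the package name and the three SMS permissions mirror the static1 findings, while the INTERNET permission and the SmsReceiver entry are made up to exercise the checks and are not findings from this report. DANGEROUS is a hand-picked subset of Android's runtime-permission groups, not the full platform list.

```python
"""Permission triage for a decoded AndroidManifest.xml (added example)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NS = "{%s}" % ANDROID_NS  # ElementTree's Clark notation for android: attributes

# Hand-picked subset of Android runtime ("dangerous") permissions -> group.
DANGEROUS = {
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.RECEIVE_MMS": "SMS",
    "android.permission.READ_CONTACTS": "CONTACTS",
    "android.permission.READ_CALL_LOG": "CALL_LOG",
    "android.permission.READ_PHONE_STATE": "PHONE",
    "android.permission.ACCESS_FINE_LOCATION": "LOCATION",
    "android.permission.CAMERA": "CAMERA",
    "android.permission.RECORD_AUDIO": "MICROPHONE",
}

SMS_RECEIVED = "android.provider.Telephony.SMS_RECEIVED"

# Constructed manifest: package + SMS permissions match static1; the INTERNET
# permission and the .SmsReceiver entry are illustrative, not from the report.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.indosk.sensidkk">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="app">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""


def declared_permissions(root):
    """All <uses-permission android:name=...> values, in manifest order."""
    return [e.get(NS + "name") for e in root.iter("uses-permission")]


def dangerous_by_group(perms):
    """Map runtime-permission group -> declared permissions in that group."""
    groups = {}
    for p in perms:
        group = DANGEROUS.get(p)
        if group:
            groups.setdefault(group, []).append(p)
    return groups


def sms_receivers(root):
    """(receiver class, intent-filter priority) for each receiver filtering
    SMS_RECEIVED. The priority only mattered while the broadcast was ordered
    (pre-4.4), but a high value is still a common tell in SMS stealers."""
    found = []
    for recv in root.iter("receiver"):
        for flt in recv.findall("intent-filter"):
            actions = {a.get(NS + "name") for a in flt.findall("action")}
            if SMS_RECEIVED in actions:
                prio = int(flt.get(NS + "priority", "0"))
                found.append((recv.get(NS + "name"), prio))
    return found


def triage(manifest_xml):
    """Summarise what the manifest lets the app do with SMS."""
    root = ET.fromstring(manifest_xml)
    groups = dangerous_by_group(declared_permissions(root))
    receivers = sms_receivers(root)
    sms = set(groups.get("SMS", []))
    findings = []
    if {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"} & sms:
        findings.append("can read incoming/stored SMS (OTP interception)")
    if "android.permission.SEND_SMS" in sms:
        findings.append("can send SMS (premium-rate / propagation)")
    for name, prio in receivers:
        findings.append(f"receiver {name} listens for SMS_RECEIVED (priority {prio})")
    return {"package": root.get("package"), "groups": groups,
            "sms_receivers": receivers, "findings": findings}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Run it against `apktool d sample.apk` output by reading AndroidManifest.xml into `triage()`; the grouping is what makes the difference between a form-filling app that declares READ_SMS alone and a sample that declares the whole group plus a receiver.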

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:24

Reported

2024-06-12 18:27

Platform

android-x86-arm-20240611.1-en

Max time kernel

48s

Max time network

158s

Command Line

com.indosk.sensidkk

Signatures

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Reads of /proc/cpuinfo and /proc/meminfo are used both by emulator-detection code (looking for emulator-specific hardware strings or implausible memory sizes) and by ordinary crash-reporting and analytics SDKs collecting device metadata, so on their own they are weak evidence of evasion. This run still went on to produce the network activity listed below, so whatever was read did not stop the app from starting up.

Processes

com.indosk.sensidkk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 surveyheart.com udp
IN 3.7.200.187:443 surveyheart.com tcp
US 1.1.1.1:53 browser.sentry-cdn.com udp
US 151.101.130.217:443 browser.sentry-cdn.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 142.251.168.154:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 o588651.ingest.sentry.io udp
US 34.120.195.249:443 o588651.ingest.sentry.io tcp
US 1.1.1.1:53 surveyheartmedia.s3.ap-south-1.amazonaws.com udp
IN 52.219.156.66:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
IN 52.219.156.66:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
GB 216.58.212.238:443 N/A tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
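The network table mixes resolver queries, link-local mDNS and real connections, and repeats flows to the same endpoint. The following is an added example, not sandbox output: a small parser for rows in the format above that separates DNS queries and mDNS from actual connections, de-duplicates repeated flows, lists connections the sandbox could not tie to a name, and lists names that were resolved but never connected to. The rows are copied from this behavioral1 run; concatenating `parse_flows()` output from the other two runs merges them. The parser accepts both the three-column form of a row with no resolved domain and an explicit N/A.

```python
"""Collapse a sandbox network table into an endpoint list (added example)."""
import ipaddress
from collections import defaultdict

# Rows copied from the behavioral1 network table of this report.
FLOWS_BEHAVIORAL1 = """\
N/A 224.0.0.251:5353 udp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
US 1.1.1.1:53 surveyheart.com udp
IN 3.7.200.187:443 surveyheart.com tcp
US 1.1.1.1:53 browser.sentry-cdn.com udp
US 151.101.130.217:443 browser.sentry-cdn.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 142.251.168.154:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 o588651.ingest.sentry.io udp
US 34.120.195.249:443 o588651.ingest.sentry.io tcp
US 1.1.1.1:53 surveyheartmedia.s3.ap-south-1.amazonaws.com udp
IN 52.219.156.66:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
IN 52.219.156.66:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
GB 216.58.212.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.187.206:443 android.apis.google.com tcp
"""


def parse_flow(line):
    """One row -> dict. A row with no resolved domain has three columns
    (or a literal N/A in the domain column); both are mapped to domain=None."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
        if domain == "N/A":
            domain = None
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ipaddress.ip_address(ip),
            "port": int(port), "domain": domain, "proto": proto}


def parse_flows(text):
    return [parse_flow(ln) for ln in text.splitlines() if ln.strip()]


def classify(flow):
    """mdns (link-local noise), dns_query (to the resolver), or connection."""
    if flow["ip"].is_multicast:          # 224.0.0.251:5353 is mDNS
        return "mdns"
    if flow["proto"] == "udp" and flow["port"] == 53:
        return "dns_query"               # resolver traffic, not a service
    return "connection"


def summarize(flows):
    """Unique remote endpoints contacted -> number of flows.
    Key is (domain or bare IP, port, proto)."""
    counts = defaultdict(int)
    for f in flows:
        if classify(f) != "connection":
            continue
        host = f["domain"] or str(f["ip"])
        counts[(host, f["port"], f["proto"])] += 1
    return dict(counts)


def unresolved_ips(flows):
    """Connections with no DNS name attached; candidates for a manual
    reverse / passive-DNS lookup before they go on an IOC list."""
    return sorted({str(f["ip"]) for f in flows
                   if classify(f) == "connection" and f["domain"] is None})


def queried_but_not_connected(flows):
    """Names resolved during the run but never followed by a flow to them."""
    queried = {f["domain"] for f in flows if classify(f) == "dns_query"}
    connected = {f["domain"] for f in flows
                 if classify(f) == "connection" and f["domain"]}
    return sorted(queried - connected)


if __name__ == "__main__":
    flows = parse_flows(FLOWS_BEHAVIORAL1)
    for endpoint, n in sorted(summarize(flows).items()):
        print(f"{n:2d}x {endpoint}")
    print("unresolved:", unresolved_ips(flows))
    print("queried only:", queried_but_not_connected(flows))
```

For this run the script reduces 18 rows to 8 distinct endpoints, flags 216.58.212.238 as the one connection without a name, and shows that semanticlocation-pa.googleapis.com was looked up but never contacted.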

Files

/data/data/com.indosk.sensidkk/logs/20240612182414963.log

MD5 c961b25dda7e0a63152acaef8c52a1c1
SHA1 76539513237a1baa0008c7b0d2689c503593eda6
SHA256 6b381ef45497de2029908fc6e53f4fa2d392f6fc9d4e26019a31d315296cf643
SHA512 5c6e0e344f61c089d1716908737eef7b5d368628cf7276175079df7556ecd5630d1249de7e61f793b02138fe58e79ca5d98a84aa7f1bbcc49efc83a2f6185843

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:24

Reported

2024-06-12 18:27

Platform

android-x64-20240611.1-en

Max time kernel

50s

Max time network

151s

Command Line

com.indosk.sensidkk

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

The indicator is the registration of a primary-clip change listener: the app asks to be called back whenever the clipboard content changes. That is the hook a clipboard stealer needs (one-time codes and wallet addresses routinely pass through the clipboard), but it is also used by benign text and form apps. This run recorded no subsequent read or transmission of clipboard contents, so the signature should be weighed together with the SMS permissions from the static analysis rather than on its own. It did not fire on the x86/arm run (behavioral1).

Queries the mobile country code (MCC)

discovery
Description Indicator Process Target
Framework service call com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone N/A N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description Indicator Process Target
Framework service call android.app.IActivityManager.registerReceiver N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.indosk.sensidkk

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 surveyheart.com udp
IN 3.7.200.187:443 surveyheart.com tcp
IN 3.7.200.187:443 surveyheart.com tcp
US 1.1.1.1:53 browser.sentry-cdn.com udp
US 151.101.194.217:443 browser.sentry-cdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 o588651.ingest.sentry.io udp
US 34.120.195.249:443 o588651.ingest.sentry.io tcp
US 1.1.1.1:53 surveyheartmedia.s3.ap-south-1.amazonaws.com udp
IN 3.5.212.130:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 64.233.166.157:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 216.58.212.238:443 android.apis.google.com tcp
IN 3.5.212.130:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
GB 172.217.169.68:443 N/A tcp
GB 172.217.169.68:443 N/A tcp
GB 142.250.200.46:443 N/A tcp
GB 216.58.212.238:443 android.apis.google.com tcp
GB 142.250.200.2:443 N/A tcp

Files

/data/data/com.indosk.sensidkk/logs/20240612182415137.log

MD5 7f84cc53f54451ffa4047f1a1ce72f89
SHA1 301279bdb150d0d4a7e402b1db654e6c57fdc8ef
SHA256 0709d586d169d10e7b3442a91beb0e4011e3c54f798706410e03d6cdd68f060f
SHA512 ea773d7aaf764590ff3dec1ced2d7cd6cb52ad60963d5e91bb70048e7b638d375aaf06edffaed7a4bd740036f32cef2c08ad9c760a034547bb77a9e032ebf7e0

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 18:24

Reported

2024-06-12 18:27

Platform

android-x64-arm64-20240611.1-en

Max time kernel

120s

Max time network

132s

Command Line

com.indosk.sensidkk

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description Indicator Process Target
Framework service call android.content.IClipboard.addPrimaryClipChangedListener N/A N/A

Checks CPU information

Description Indicator Process Target
File opened for read /proc/cpuinfo N/A N/A

Checks memory information

Description Indicator Process Target
File opened for read /proc/meminfo N/A N/A

Processes

com.indosk.sensidkk

Network

Country Destination Domain Proto
GB 142.250.187.206:443 N/A tcp
GB 142.250.187.206:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
US 1.1.1.1:53 surveyheart.com udp
IN 3.7.200.187:443 surveyheart.com tcp
US 1.1.1.1:53 browser.sentry-cdn.com udp
US 151.101.2.217:443 browser.sentry-cdn.com tcp
US 1.1.1.1:53 ssl.google-analytics.com udp
GB 216.58.204.72:443 ssl.google-analytics.com tcp
US 1.1.1.1:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 1.1.1.1:53 stats.g.doubleclick.net udp
BE 66.102.1.155:443 stats.g.doubleclick.net tcp
US 1.1.1.1:53 o588651.ingest.sentry.io udp
US 34.120.195.249:443 o588651.ingest.sentry.io tcp
US 1.1.1.1:53 surveyheartmedia.s3.ap-south-1.amazonaws.com udp
IN 52.219.156.194:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
IN 52.219.156.194:443 surveyheartmedia.s3.ap-south-1.amazonaws.com tcp
GB 216.58.212.196:443 N/A tcp
GB 216.58.212.196:443 N/A tcp

Files

/data/data/com.indosk.sensidkk/logs/20240612182414489.log

MD5 21a06fad14022d0bbb973903af5c3534
SHA1 368b5f9983133bb315e67cf96a572f232f778090
SHA256 2ec6d184948f238e21496b5500c28dda2d2343627d9ef4fc1d80df28c8c00eb7
SHA512 748769acbcf510d9258a7b48cc15c709140bd488fb064e7fdec40c004287f502e1a1ececcffbf08a86d89178cc170baac1cacf50b5de468319c5057df345baed