Analysis Overview
SHA256
106a1c053ec9b02d0669a9f8ea2a8b73114e6bc5ff4a7ba11c3b6dabee573cd7
Threat Level: Shows suspicious behavior
The file 106a1c053ec9b02d0669a9f8ea2a8b73114e6bc5ff4a7ba11c3b6dabee573cd7.bin was found to show suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 18:10
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 18:10
Reported
2024-06-12 18:13
Platform
android-x64-arm64-20240611.1-en
Max time kernel
152s
Max time network
133s
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| SE | 5.42.74.70:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.212.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a170880b6ea89591777d063d1dba7fe7 |
| SHA1 | 1935a975726a4bb62e9fb5e34ba3956abb1813df |
| SHA256 | efec7d2f85d0edc595ff1a5ad55ba26e8887e0c494b54a965e2e4a80059195b3 |
| SHA512 | d499d27c2fb11b52abda074eb060c80c72ee6c1772f473ae293e4d182420a4ad8c2e9e491a45c8b6ae8b88de7a4a112b37dddcc22179fdb036904e237915bd7e |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 7956eaeba03f0abb0cd3874ffb28a6be |
| SHA1 | 63988cd2e6011de2a2f9d5c166540ee63284a21a |
| SHA256 | 1ebad92137326630da4603818119b194db8ed0ede1c83c1411659f816fe66292 |
| SHA512 | f4daf1ae370402ba17fcdee8e39fc592d5e657d6393c9b98374d70dd86502d89e071f55586d1c3fce88b0db8693e03ae112192a78db4f09c797466c53033ebe9 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 73fb8f4389345578250029063f5f0288 |
| SHA1 | 30037f29e218f75ecc674ab9a7e0d294aaf8d433 |
| SHA256 | dd1f65f36beabe30219ba2dbedb25b0d5a9f149cb6bd2e4d6cdd794ad56f2579 |
| SHA512 | af45586c37c423d4459581ce6849ed628947a8296e1432a6ec957d58cd06de88f75dd3175256f22581939508e2824894c6b754da240e00deb30e1d43b415596c |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 18:10
Reported
2024-06-12 18:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
153s
Max time network
136s
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| SE | 5.42.74.70:8080 | | tcp |
| GB | 216.58.212.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a170880b6ea89591777d063d1dba7fe7 |
| SHA1 | 1935a975726a4bb62e9fb5e34ba3956abb1813df |
| SHA256 | efec7d2f85d0edc595ff1a5ad55ba26e8887e0c494b54a965e2e4a80059195b3 |
| SHA512 | d499d27c2fb11b52abda074eb060c80c72ee6c1772f473ae293e4d182420a4ad8c2e9e491a45c8b6ae8b88de7a4a112b37dddcc22179fdb036904e237915bd7e |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | c080cd394722268d98096d0f8547d1a3 |
| SHA1 | a207437ee93d3df36ed0832046794f1bc9d42dfc |
| SHA256 | cb11c420f717471b5391c016123336da51104080882695981b7c133ad4d51129 |
| SHA512 | 73c19c8cb944ad451676c4998581c55a80fa4f52579c7602abf941b87f2dec0da9594075f17a4cf8190164769bc451b8621a8e3250ba205c90145f63b9f9edbc |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 667d3438e7328df8bf4b4f7b1e9d89f0 |
| SHA1 | b54bbccfd66b7a5d29c043820145dc2c6eba2c27 |
| SHA256 | 82c463c525162fed06abd19350b30200e58c0ecf80260a98aea08770b00f8cb1 |
| SHA512 | b8fd77ca4511a9ede644f4e4d9c83bfbe632a250b9555902929d257d2bb18aaab25dcac7f2d22b817831c8f2da1f069d824cf52f316cbd04d6adad5437676e83 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4150efb7d10fb76b3ad1652173e4a8c1 |
| SHA1 | 4950c68b8c0aac1e3970d1a65ac3af8dd5f5b6ea |
| SHA256 | e27bf13c48428d8fcd5207336e232b1e2b1068b94aeaa3fb56667a4d3c20bdac |
| SHA512 | 7d2deb2ea5a224bde8f6b5a21155d411c19ff4b58bbe4386a4226e02515b3c91aacc0e0482cc2388d152424c00405f7b5012ec144118f9558dbb62d9187cb8dc |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 18:10
Reported
2024-06-12 18:13
Platform
android-x64-20240611.1-en
Max time kernel
153s
Max time network
160s
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| SE | 5.42.74.70:8080 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a170880b6ea89591777d063d1dba7fe7 |
| SHA1 | 1935a975726a4bb62e9fb5e34ba3956abb1813df |
| SHA256 | efec7d2f85d0edc595ff1a5ad55ba26e8887e0c494b54a965e2e4a80059195b3 |
| SHA512 | d499d27c2fb11b52abda074eb060c80c72ee6c1772f473ae293e4d182420a4ad8c2e9e491a45c8b6ae8b88de7a4a112b37dddcc22179fdb036904e237915bd7e |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 97541a4409a3912cab9d9d40473dfbd0 |
| SHA1 | 4d4af1841da3e74a8efc922fc0a1b62b2d0f4092 |
| SHA256 | 5f0813813b48a611f026e4449bb90671e6c8470bd1f12f7be89d3b2892f1bedc |
| SHA512 | 9fbfc5eca8263360d79b485d4721c84f4a8d803c416be0b0e22fbc827817da8e77c8d849edb053e4ef487e85d28f5d8032299ac0c57d958b792577e8f55a1be4 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | d133fef714afe5259fa65c1be9f47128 |
| SHA1 | 651ab4ad1c46d42cb16b5ad47ff97232cd827d67 |
| SHA256 | 81787515bf625b98d95c8dd248bb0fb219e4ebeacebdf15c9a286311440199d4 |
| SHA512 | b4067db8e5ea06aa2a870a30db80b301e67c070a1400490dd08f91f6a16057bc0bb2ff6e3884a69cb54f4fd73fde167337f095f5093ae49e585e631b7e64a893 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 2e89b23162bc8daea7d034841772d7b3 |
| SHA1 | a0145f3ee59f99b283c6244786e8a51fbbaaecf8 |
| SHA256 | 2e2734cb8f2741a29196c3133db06feb92c756547346e1a7999b4431daab06c3 |
| SHA512 | 88d0734ba62700b2af37268118cfb769b5421a843f34ac8cd1b3ac9a2e1990ec0a19254f9cb23649c42fd717683ac48ea6ecdaeb56d6f3a7bab6c658cf9d41a9 |