Malware Analysis Report

2024-09-09 16:38

Sample ID 240612-ww6fhavcnb
Target ca5d8f08c7d9dada0d9f5a18d3b3fea08e650855d45a98b98731e0594e0cfcf9.bin
SHA256 ca5d8f08c7d9dada0d9f5a18d3b3fea08e650855d45a98b98731e0594e0cfcf9
Tags
discovery persistence collection credential_access impact
score
7/10


Analysis Overview

Threat Level: Shows suspicious behavior

The file ca5d8f08c7d9dada0d9f5a18d3b3fea08e650855d45a98b98731e0594e0cfcf9.bin was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery persistence collection credential_access impact

Obtains sensitive information copied to the device clipboard

Declares services with permission to bind to the system

Requests dangerous framework permissions

Queries the mobile country code (MCC)

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks CPU information

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:17

Signatures

Declares services with permission to bind to the system

Description: Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device.
Indicator: android.permission.BIND_NOTIFICATION_LISTENER_SERVICE
Process: N/A
Target: N/A

Requests dangerous framework permissions

Description: Allows an application to receive SMS messages.
Indicator: android.permission.RECEIVE_SMS
Process: N/A
Target: N/A

Description: Allows an application to read SMS messages.
Indicator: android.permission.READ_SMS
Process: N/A
Target: N/A

Description: Allows an application to send SMS messages.
Indicator: android.permission.SEND_SMS
Process: N/A
Target: N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:17

Reported

2024-06-12 18:20

Platform

android-x86-arm-20240611.1-en

Max time kernel

23s

Max time network

159s

Command Line

com.google.massagg

Signatures

Queries the mobile country code (MCC)

discovery
Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.google.massagg

Network

Country  Destination           Domain                                 Proto
GB       216.58.204.67:443     N/A                                    tcp
N/A      224.0.0.251:5353      N/A                                    udp
GB       216.58.201.106:443    N/A                                    tcp
US       1.1.1.1:53            semanticlocation-pa.googleapis.com     udp
GB       216.58.212.238:443    N/A                                    tcp
US       1.1.1.1:53            android.apis.google.com                udp
GB       216.58.201.110:443    android.apis.google.com                tcp

Files

/data/data/com.google.massagg/logs/20240612181730933.log

/data/data/com.google.massagg/logs/20240612181730952.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:17

Reported

2024-06-12 18:20

Platform

android-x64-20240611.1-en

Max time kernel

53s

Max time network

151s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Queries the mobile country code (MCC)

discovery
Description: Framework service call
Indicator: com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone
Process: N/A
Target: N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description: Framework service call
Indicator: android.app.IActivityManager.registerReceiver
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.google.massagg

Network

Country  Destination           Domain                       Proto
N/A      224.0.0.251:5353      N/A                          udp
US       1.1.1.1:53            ssl.google-analytics.com     udp
GB       142.250.178.8:443     ssl.google-analytics.com     tcp
GB       142.250.200.10:443    N/A                          tcp
US       1.1.1.1:53            android.apis.google.com      udp
GB       142.250.187.206:443   android.apis.google.com      tcp
GB       142.250.200.46:443    N/A                          tcp
GB       216.58.212.238:443    N/A                          tcp
GB       142.250.200.2:443     N/A                          tcp
GB       172.217.169.68:443    N/A                          tcp

Files

/data/data/com.google.massagg/logs/20240612181730103.log

/data/data/com.google.massagg/logs/20240612181730133.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-12 18:17

Reported

2024-06-12 18:20

Platform

android-x64-arm64-20240611.1-en

Max time kernel

88s

Max time network

133s

Command Line

com.google.massagg

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description: Framework service call
Indicator: android.content.IClipboard.addPrimaryClipChangedListener
Process: N/A
Target: N/A

Checks CPU information

Description: File opened for read
Indicator: /proc/cpuinfo
Process: N/A
Target: N/A

Checks memory information

Description: File opened for read
Indicator: /proc/meminfo
Process: N/A
Target: N/A

Processes

com.google.massagg

Network

Country  Destination           Domain                       Proto
N/A      224.0.0.251:5353      N/A                          udp
GB       172.217.16.238:443    N/A                          tcp
US       1.1.1.1:53            ssl.google-analytics.com     udp
GB       216.58.212.232:443    ssl.google-analytics.com     tcp
GB       172.217.169.68:443    N/A                          tcp

Files

/data/data/com.google.massagg/logs/20240612181731332.log

/data/data/com.google.massagg/logs/20240612181731343.log

/data/data/com.google.massagg/no_backup/androidx.work.workdb-journal

/data/data/com.google.massagg/no_backup/androidx.work.workdb

/data/data/com.google.massagg/no_backup/androidx.work.workdb-shm

/data/data/com.google.massagg/no_backup/androidx.work.workdb-wal