Analysis Overview
SHA256
a52e657422b5742850eed02bddbafd1c2e8dba3b1dba2593f13044cdd24d401d
Threat Level: Shows suspicious behavior
The file a52e657422b5742850eed02bddbafd1c2e8dba3b1dba2593f13044cdd24d401d.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Requests dangerous framework permissions
Declares services with permission to bind to the system
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 19:29
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 19:29
Reported
2024-06-12 19:32
Platform
android-x86-arm-20240611.1-en
Max time kernel
160s
Max time network
131s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| RU | 5.42.66.38:8080 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | 60a82bbb9a59b92fbac90d2931dc966e |
| SHA1 | b144521a14b998367f992a8f1c9308c12801b02b |
| SHA256 | 47ddab04b5b8fc724300c51e0a64e67da82a095ae0508efe71f420668b8f8779 |
| SHA512 | 70beac49b104532f9eb88e0553f299f096849c18733ae830766cd76d8d13d909bf7bbe5ac5519568ae4341743c5c8c5b3716fe5cac5f401eb1e04f2dff1846cc |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
|---|---|
| MD5 | 46a813a82c1bdf1c8dc0920563b05fa8 |
| SHA1 | 5ea231860dd0dacbbf48dacec66f7e64fa66cef1 |
| SHA256 | 8869f41faa9388cc8e50b78dbaca11fe87a5a1b05df15097325bc3d8644c2081 |
| SHA512 | 7340a889aea919b14e60971961074dd4348d5b1e59c1b134dae12925afced1009c8cbf78559b0f43dcaeffb7686de7840a9c9ad4342765b2411d0f8aeb71037e |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
|---|---|
| MD5 | 0fe31c63e85136875e4620bbfaebde2b |
| SHA1 | 0d122bd92b1d6f8c693bbc3d7a4d584e866a02c5 |
| SHA256 | 6afde1d59f2649591178d96a29e30086bd910e39288734f266e5647590e91323 |
| SHA512 | 21269275c3a182b77e7510bd3163ebb59c79c129b844a2cc0706e1836fde7a084d622721c820b144b1e10338eaaf022b0d3d2adc1d4c35b660dbdd68ccd700e2 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | ab6d34558eae192cdbba6336cfa544f1 |
| SHA1 | 9c6d089d5df563a4980ecc026a603706d812ea28 |
| SHA256 | db54dece708b1c70cd17c766211fd905a9ef04490c098eeba3c0592ae2c89fc5 |
| SHA512 | c3ae47481e0ce4a7fbca0c226d37f5c9d6984632c141226b6d29a0758cff2a273e97277e7365959524c7f04d75d30e276e00a26366bae1ea5f8a01ac70088956 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 19:29
Reported
2024-06-12 19:32
Platform
android-x64-20240611.1-en
Max time kernel
156s
Max time network
151s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| RU | 5.42.66.38:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | 60a82bbb9a59b92fbac90d2931dc966e |
| SHA1 | b144521a14b998367f992a8f1c9308c12801b02b |
| SHA256 | 47ddab04b5b8fc724300c51e0a64e67da82a095ae0508efe71f420668b8f8779 |
| SHA512 | 70beac49b104532f9eb88e0553f299f096849c18733ae830766cd76d8d13d909bf7bbe5ac5519568ae4341743c5c8c5b3716fe5cac5f401eb1e04f2dff1846cc |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
|---|---|
| MD5 | 9d51322eee80610b71a83136e8f3eb06 |
| SHA1 | e9cc2829b8afe919a90640f904c7ec51fcdc4646 |
| SHA256 | 4f1f634fa87918a0f321fb3971e05efbf52219f0e223231dd069ed808cd5d860 |
| SHA512 | 3f6083f4f678244648b6f4b9e902bd03956c3472082bba49652e4f39db385f7d1b2e9711cc69b3e325ca47d00d7a7ec210615dbec7f83048a88fdd52adafed04 |
/data/data/org.zzzz.aaa/files/profileInstalled
| Hash | Value |
|---|---|
| MD5 | f08855afdb91e32525bfa7726ee16ba1 |
| SHA1 | 021e780d91e4298abd70b4db9374feb905901614 |
| SHA256 | 7c5ae03ecda2f5c9894154ad575750e268ca101f1d896e21ce7ec4bf4bc358e5 |
| SHA512 | 519728dcf0fca641df89e059e4dc678c589f62e84abee89a43638b20a86012ade40080a60abb5c7464cf5d83865a4bb46ee8e63ee1e79bfa1e15311bb4cfe4ed |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | 65cec07f7d41a4ad058907a087dbc1dc |
| SHA1 | 3c6398f16f0f6895260224a06ee1ebd05c64540b |
| SHA256 | 2d2848e2ea0851fb6478f9a4af48c82b9da18f2f6a9de2993e3eee3aca3e3e87 |
| SHA512 | f7d2f3c08675e9b09c4d274d540393d57f791ec49d6f7c1c6b55385a81dde79a1cee7d2314c286e6d7f7d3f9eae80124519398302abdc6c6f0f437885c83bc13 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 19:29
Reported
2024-06-12 19:32
Platform
android-x64-arm64-20240611.1-en
Max time kernel
156s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| RU | 5.42.66.38:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.4:443 | | tcp |
| GB | 142.250.178.4:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | 60a82bbb9a59b92fbac90d2931dc966e |
| SHA1 | b144521a14b998367f992a8f1c9308c12801b02b |
| SHA256 | 47ddab04b5b8fc724300c51e0a64e67da82a095ae0508efe71f420668b8f8779 |
| SHA512 | 70beac49b104532f9eb88e0553f299f096849c18733ae830766cd76d8d13d909bf7bbe5ac5519568ae4341743c5c8c5b3716fe5cac5f401eb1e04f2dff1846cc |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| Hash | Value |
|---|---|
| MD5 | b382091ea1aa4b334c3d94a8c33061a2 |
| SHA1 | 19ac2ffc94c15719997872161aba6f3d7536334d |
| SHA256 | fa368754085607cd731637ce331ba8b9b6374dd68f9d3ee7b82ff96c73d2036f |
| SHA512 | abbb248296d08254bb4fb95dbbc634fd523b60ba699ce57378d8a98c6e7ed61c89adf56bbdb23a50c5f835e48eda658888e3303b9c172ba2212d2ce1deea7b32 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| Hash | Value |
|---|---|
| MD5 | 166d89e6c0cecfa3f710c7b117e808bc |
| SHA1 | 4a969e7e77f330b3a27725414d988be3089354d2 |
| SHA256 | 29fff4eddc4557971d11de9e7bc20acb9619c57006b9ae0e9ac166b438ef2f6f |
| SHA512 | 11928269fe9b6bd852823c527d937ff165605226d0d0b4f1e0382386dbb0372df00394511e949029a6d6816097484cc43f74a9352aaf2bf743703cea49b3fe71 |