Analysis Overview
SHA256: 5fe50b61b4f74bc7bd12604ead9d05339badc4995557ab3da4dda6e6f4ff2677
Threat Level: Shows suspicious behavior
The file 5fe50b61b4f74bc7bd12604ead9d05339badc4995557ab3da4dda6e6f4ff2677.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported: 2024-06-12 18:53
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-06-12 18:53
Reported: 2024-06-12 18:56
Platform: android-x86-arm-20240611.1-en
Max time kernel: 170s
Max time network: 158s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a85f5477d050989d9e5903eabae09f44 |
| SHA1 | c826d78331a095c99360a75719c0a8fe5b26b8b5 |
| SHA256 | bee27ebb0de57ee4f564674b22d71962a8d772a8d501178845f380d6d00eae03 |
| SHA512 | 58b352aca787cd57cec9c3e2a012c176ba216ce26c4d9292ef9d6879d0aac69f9d9a3b5f7ecb274b08d410af3aed4ac4d7291759c4286335438980e65556429d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 73e054fea172f6686243ffac5e35a2a9 |
| SHA1 | f9981ff81cf9f04e413e0c08bde496c11213baef |
| SHA256 | 63cd3c754831c61f8ead26ab6e36f8087592c125e09589b422d4a318de93c7ad |
| SHA512 | e83d53538d6ce2477cb80f72fb3bd383f20a8f1dda395445c29502d559db6303b878438c2ab8c5f724fc304bd20b325d0bc876d6b113458d5ac9febb55825576 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 42a7a93f47d409fc41184c67197b403d |
| SHA1 | 4764f76f67fc8744a46f4109d758ce314f182629 |
| SHA256 | 0ad61e91cec062ed6e775032a2eeff52303d8c0e92d422890f4ff0852eee762d |
| SHA512 | ad67bd208f1b0cb3f420b206e4aaf15e0020a66065aaeccb7aaaf51d2e7f26504bbea5c994cdb815fb196cd804f90dff3c350a242908fb38e3d0840ad87efb73 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 41b6ee29a151a196c21eba5bef1dbc19 |
| SHA1 | d642556ce2ef66699bf8a7facf6e76a1c9b06c9a |
| SHA256 | 7fb15880cccb9caf66dc4557f7d7d762cc5822588b2cf2ef5b634251d13b8990 |
| SHA512 | 328f5d88ed5a14af891f589dd79c7f5893a508bd82c947f42ea7c6303582ba37612f4f5e8839a3fc3315b06a01de9fcba85fc874bbffb5f278e2ee719f40b018 |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-06-12 18:53
Reported: 2024-06-12 18:56
Platform: android-x64-20240611.1-en
Max time kernel: 175s
Max time network: 188s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.14:443 | | tcp |
| GB | 172.217.169.66:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a85f5477d050989d9e5903eabae09f44 |
| SHA1 | c826d78331a095c99360a75719c0a8fe5b26b8b5 |
| SHA256 | bee27ebb0de57ee4f564674b22d71962a8d772a8d501178845f380d6d00eae03 |
| SHA512 | 58b352aca787cd57cec9c3e2a012c176ba216ce26c4d9292ef9d6879d0aac69f9d9a3b5f7ecb274b08d410af3aed4ac4d7291759c4286335438980e65556429d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | e6a1dce47ad85f1e7f5fd10c87abca2d |
| SHA1 | 0c1c285852c84dbba786c7c07d6faffc8b6de7c4 |
| SHA256 | 473daf686e6191b9b33dd457df10d558da0a53f19201d9fcb993f997018b4ee1 |
| SHA512 | 33a8d047a8ef358c3b2a766a66b1d4ee635b36ce3ad2a30d888c26847e98b5d1688a4a2ce560e978a183992e92d011ff4b325adaaf8fbbfea7cdcd9b6c6063aa |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 9a9770286ff9a39353c36dcaddaf5543 |
| SHA1 | a9381020dae1399de087f603a587cdd7b7da4893 |
| SHA256 | 142ce0f5dda19d8f5d6922b4b488de6923baa31a39fdcc286ea5589cf33fe1f5 |
| SHA512 | dfb98dad741c9fa6474d92eb72395e2a0bcafa4fe14f9e8ea9aafe7787a13b0e1666229d9c0ca557bc3dff8aa0ac7f0bf650519aed981920044d60c0318eaf14 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4af131d6da4100bc03f11f956aa855c3 |
| SHA1 | 8a92be517f64bbd0d5326836e6851337c7dd7b72 |
| SHA256 | 41fb94bdfe1d5d097934e2eaa290492792636d7010455959eb77a9adc0ba4a43 |
| SHA512 | 1cf026b173249730c27bfc7e64233a67dbe563751b8386a9560fca676e64c796f7bc38005701a90ff6801143c29aa9d4c16a4f9ca4a4536111f2e3b764737588 |
Analysis: behavioral3
Detonation Overview
Submitted: 2024-06-12 18:53
Reported: 2024-06-12 18:56
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 169s
Max time network: 132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | a85f5477d050989d9e5903eabae09f44 |
| SHA1 | c826d78331a095c99360a75719c0a8fe5b26b8b5 |
| SHA256 | bee27ebb0de57ee4f564674b22d71962a8d772a8d501178845f380d6d00eae03 |
| SHA512 | 58b352aca787cd57cec9c3e2a012c176ba216ce26c4d9292ef9d6879d0aac69f9d9a3b5f7ecb274b08d410af3aed4ac4d7291759c4286335438980e65556429d |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 7fcee149a7e268385fc53dba3dbb8923 |
| SHA1 | d0fd37bb6dd0ef49b4f5d7b540be91bd590c031b |
| SHA256 | 132b84cc1cdf3977b4bc2f30a833c670cb114da53207740f0f3a5dce28567dc1 |
| SHA512 | e0e9dd0b613d7843eb7c1b814b796628bfea457a3d147681b2c005140ec2a91db58e13a0ede4afabf16d12f35c8cdd778381b57df4aa428746dfaff2cdd13598 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 186a87a807504d1a74b97f0cd8558cf1 |
| SHA1 | 33e7817b267ac9dfca11972e56ef71ee2368aa82 |
| SHA256 | eb59d56b74ca600fcdba5b9c013f78944b88000584d1c4bc5632a725a13ca61a |
| SHA512 | 7b3b27df1a4b89c5e4c5ae52cc717fe7e81ed249fe1a24a8b4e138de0f9437aaf3a53e118dd25628cf470320d0c176f63d9164221b5a5b910fb68cd428aeb1c6 |