Analysis Overview
SHA256
dd7a2e005dd5198775ae31ebdeec10537159e90590c80673383c415658193829
Threat Level: Shows suspicious behavior
The file dd7a2e005dd5198775ae31ebdeec10537159e90590c80673383c415658193829.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Requests dangerous framework permissions
Declares services with permission to bind to the system
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-12 19:11
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 19:11
Reported
2024-06-12 19:14
Platform
android-x86-arm-20240611.1-en
Max time kernel
152s
Max time network
158s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| SE | 94.228.165.2:8080 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/org.zzzz.aaa/files/profileInstalled
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 19:11
Reported
2024-06-12 19:14
Platform
android-x64-20240611.1-en
Max time kernel
150s
Max time network
185s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| SE | 94.228.165.2:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/data/org.zzzz.aaa/files/profileInstalled
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 19:11
Reported
2024-06-12 19:14
Platform
android-x64-arm64-20240611.1-en
Max time kernel
150s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| SE | 94.228.165.2:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.180.4:443 | | tcp |
| GB | 142.250.180.4:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof