Analysis Overview
score
7/10
SHA256
2a7b123500ae9038a1d73b23b217563e5cbee9de68ff1b7c3b82ef215a82b340
Threat Level: Shows suspicious behavior
The file 2a7b123500ae9038a1d73b23b217563e5cbee9de68ff1b7c3b82ef215a82b340.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2024-06-12 19:43
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-12 19:43
Reported
2024-06-12 19:46
Platform
android-x64-arm64-20240611.1-en
Max time kernel
49s
Max time network
131s
Command Line
com.blood.smsrecevier
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.blood.smsrecevier
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | customersupporthelp.wixsite.com | udp |
| US | 34.117.60.144:443 | customersupporthelp.wixsite.com | tcp |
| US | 1.1.1.1:53 | frog.wix.com | udp |
| US | 1.1.1.1:53 | panorama.wixapps.net | udp |
| US | 34.227.36.233:443 | frog.wix.com | tcp |
| US | 34.149.206.255:443 | panorama.wixapps.net | tcp |
| US | 1.1.1.1:53 | static.wixstatic.com | udp |
| GB | 108.156.46.5:443 | static.wixstatic.com | tcp |
| US | 1.1.1.1:53 | siteassets.parastorage.com | udp |
| US | 1.1.1.1:53 | static.parastorage.com | udp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 1.1.1.1:53 | www.wix.com | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 34.149.87.45:443 | www.wix.com | tcp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp |
Files
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-12 19:43
Reported
2024-06-12 19:46
Platform
android-x86-arm-20240611.1-en
Max time kernel
35s
Max time network
149s
Command Line
com.blood.smsrecevier
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.blood.smsrecevier
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | customersupporthelp.wixsite.com | udp |
| US | 34.117.60.144:443 | customersupporthelp.wixsite.com | tcp |
| US | 1.1.1.1:53 | siteassets.parastorage.com | udp |
| US | 1.1.1.1:53 | static.wixstatic.com | udp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | tcp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | tcp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | tcp |
| US | 34.49.229.81:443 | siteassets.parastorage.com | tcp |
| GB | 108.156.46.5:443 | static.wixstatic.com | tcp |
| US | 1.1.1.1:53 | static.parastorage.com | udp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 1.1.1.1:53 | browser.sentry-cdn.com | udp |
| US | 151.101.130.217:443 | browser.sentry-cdn.com | tcp |
| US | 1.1.1.1:53 | sentry-next.wixpress.com | udp |
| US | 54.173.37.153:443 | sentry-next.wixpress.com | tcp |
| US | 54.173.37.153:443 | sentry-next.wixpress.com | tcp |
| US | 54.173.37.153:443 | sentry-next.wixpress.com | tcp |
| US | 54.173.37.153:443 | sentry-next.wixpress.com | tcp |
| US | 54.173.37.153:443 | sentry-next.wixpress.com | tcp |
| US | 1.1.1.1:53 | frog.wix.com | udp |
| US | 34.200.82.15:443 | frog.wix.com | tcp |
| US | 1.1.1.1:53 | www.wix.com | udp |
| US | 34.149.87.45:443 | www.wix.com | tcp |
| GB | 142.250.187.238:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
N/A
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-12 19:43
Reported
2024-06-12 19:46
Platform
android-x64-20240611.1-en
Max time kernel
49s
Max time network
132s
Command Line
com.blood.smsrecevier
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.blood.smsrecevier
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | customersupporthelp.wixsite.com | udp |
| US | 34.117.60.144:443 | customersupporthelp.wixsite.com | tcp |
| US | 1.1.1.1:53 | static.wixstatic.com | udp |
| GB | 108.156.46.5:443 | static.wixstatic.com | tcp |
| US | 1.1.1.1:53 | siteassets.parastorage.com | udp |
| US | 1.1.1.1:53 | static.parastorage.com | udp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 34.49.229.81:443 | static.parastorage.com | tcp |
| US | 1.1.1.1:53 | browser.sentry-cdn.com | udp |
| US | 151.101.66.217:443 | browser.sentry-cdn.com | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | sentry-next.wixpress.com | udp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 52.6.131.191:443 | sentry-next.wixpress.com | tcp |
| US | 1.1.1.1:53 | www.wix.com | udp |
| US | 34.149.87.45:443 | www.wix.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | tcp | |
| GB | 142.250.179.226:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.200.46:443 | tcp |
Files
N/A