Analysis Overview
SHA256
f732d87a3001a1a8f774b630f639ee90bef7e0d6e79f44033f376b630a5ef493
Threat Level: Shows suspicious behavior
The submitted file f732d87a3001a1a8f774b630f639ee90bef7e0d6e79f44033f376b630a5ef493.bin (Android package org.zzzz.aaa, per the detonations below) was assessed as showing suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Requests dangerous framework permissions
Declares services with permission to bind to the system
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:03
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
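The two static1 signatures above are both manifest-level checks: a list of requested permissions with protection level "dangerous", and a `<service>` whose `android:permission` is a bind permission only the system may hold. The script below reproduces those checks over a decoded AndroidManifest.xml. It is an added example, not the sandbox's code; it assumes the manifest has already been decoded from binary AXML (for instance with `apktool d sample.apk`), and the embedded SAMPLE_MANIFEST is constructed to mirror the findings in this report rather than taken from the analysed APK.

```python
"""Static triage of a decoded AndroidManifest.xml for the two manifest-level
signatures reported for static1: dangerous permission requests and services
guarded by a system-only bind permission such as BIND_ACCESSIBILITY_SERVICE.

Added example, not sandbox code. Assumes the manifest is already decoded from
binary AXML (e.g. `apktool d sample.apk`). SAMPLE_MANIFEST is constructed to
mirror the report's findings; it is not the analysed APK's real manifest.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions flagged in the report plus SEND_SMS, which
# matters for the same SMS/telephony abuse. Maintain as an analyst list.
DANGEROUS_PERMISSIONS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_NUMBERS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.GET_ACCOUNTS",
}

# Bind permissions held only by the system. A service declared with one of
# these is meant to be bound by the framework; for accessibility that means
# the app can read screen content and inject actions once the user enables it.
SYSTEM_BIND_PERMISSIONS = {
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
    "android.permission.BIND_DEVICE_ADMIN",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"

# Constructed sample: package name from the report, everything else assumed.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.zzzz.aaa">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="app">
    <service android:name=".AccService" android:exported="true"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService" android:exported="false"/>
  </application>
</manifest>
"""


def _android_attr(elem, name):
    """Read an attribute from the android: namespace (None if absent)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def dangerous_permissions(root):
    """Requested permissions that fall in DANGEROUS_PERMISSIONS, sorted."""
    requested = {_android_attr(p, "name") for p in root.iter("uses-permission")}
    return sorted(requested & DANGEROUS_PERMISSIONS)


def system_bound_services(root):
    """(service name, bind permission, registers_accessibility_action) for
    every service guarded by a system-only bind permission."""
    hits = []
    for svc in root.iter("service"):
        perm = _android_attr(svc, "permission")
        if perm not in SYSTEM_BIND_PERMISSIONS:
            continue
        actions = {_android_attr(a, "name") for a in svc.iter("action")}
        hits.append((_android_attr(svc, "name"), perm,
                     ACCESSIBILITY_ACTION in actions))
    return hits


def triage(manifest_xml):
    """Run both checks; keys mirror the report's signature names."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    perms = dangerous_permissions(root)
    services = system_bound_services(root)
    return {
        "package": root.get("package"),
        "Requests dangerous framework permissions": perms,
        "Declares services with permission to bind to the system": services,
        # SMS/telephony access combined with an accessibility service is the
        # classic Android banker / SMS-stealer pairing; flag the combination.
        "suspicious": bool(perms) and any(acc for _, _, acc in services),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST).items():
        print("%s: %s" % (key, value))
```

Run it against `apktool`'s decoded `AndroidManifest.xml` instead of SAMPLE_MANIFEST to triage a real sample; the point of tracking the intent-filter action alongside the bind permission is that only a service registering `android.accessibilityservice.AccessibilityService` actually shows up under Settings > Accessibility for the user to enable.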
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:03
Reported
2024-06-13 23:06
Platform
android-x64-arm64-20240611.1-en
Max time kernel
158s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| RU | 77.221.140.154:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.201.110:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Hash | Value |
|---|---|
| MD5 | 9a2e47210a0b4f48d413209ba20e7a7a |
| SHA1 | 363069a3429c3d63947424ae93104b204a1e7ac6 |
| SHA256 | 07e7e147e050c1f5b3b8df8e3713a8835fc7220be4dd6635a1a07c3bbeb47a00 |
| SHA512 | d566e7367434e8359250c93059e215fea561c1b678e7c7dbec0be5d9b5b5b0be252e54807aa8372f2cd8e5a92c98fbe0a91afba73149b4057a9af0410a587f3e |

/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | e4ca222bddae98279de1ff65cee063b9 |
| SHA1 | 010b2b620877249572ecbc8799d16d4a35f5f687 |
| SHA256 | bed84c2dbee0487c74bffe5921dc0bd6ae735e4173bc69103be5f237a7f22830 |
| SHA512 | 180ad772d0d3b3838a3a9dc8a690682e872dea833c4cf51831e36632318df76cdc70cb8ed7fdf0b1fd112d6bb27476ebad5386f67aa87d28a0571c4cc1773e31 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:03
Reported
2024-06-13 23:06
Platform
android-x86-arm-20240611.1-en
Max time kernel
159s
Max time network
131s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 77.221.140.154:8080 | | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Hash | Value |
|---|---|
| MD5 | 5cdf36eeafa23b5bb051582c710c874a |
| SHA1 | b0d822bab6abc62fb32db5853a9e21868c45a5f1 |
| SHA256 | 50201966384f2e2e9a61eaea47a6bf828d2b97ef6f486c6daf033d72df459c00 |
| SHA512 | a8790a084ad5fb1946da7f1c38a22297ecd2fb1ba8c738f06889028e0231be6cfe3c51ffa70248edb4a258e590fd0e39f831c3f3d0921be7beb19be47e3dcd1e |

/data/data/org.zzzz.aaa/files/profileInstalled

| Hash | Value |
|---|---|
| MD5 | 4a095382aa66b0655cfc22a5a12a1752 |
| SHA1 | bb93e341e471634b0f8d3795310eacd75a0aa477 |
| SHA256 | 9bb7de5d53dfe66564fcd1276e6844e111ecc8c6a0f20399aa98cc06477c206a |
| SHA512 | f8566c988985f801592394c53e9f1ab22672b0dded8751a001fef4511aeee7c5bc0308b5bc713708b750ad64763d6620932138a431a8892479b6d348a37a3ee1 |

/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | 684dc9ee8d21fee135292bad03a9f94f |
| SHA1 | 82523ec4518396c90cf16697391e44deb503dfb0 |
| SHA256 | 2f03d5989385cddc0a996a2d7084944ff70cc5d69da6b6118132fb5f29758a9c |
| SHA512 | 1cb522e6152db3f282c97b6de95223f848b3105026ba5169c81a9a29381bafa94247cc6cb056225c006a5ad2881b8968e1849610713504ea570af946d1b615d4 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:03
Reported
2024-06-13 23:06
Platform
android-x64-20240611.1-en
Max time kernel
158s
Max time network
151s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| RU | 77.221.140.154:8080 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.204.78:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
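Across the three detonations (behavioral3, behavioral1, behavioral2) the Network tables mix mDNS multicast, resolver lookups to 1.1.1.1, Google endpoints that follow those lookups, and one TCP destination on a non-standard port that has no domain next to it and recurs in every run. The script below, an added example rather than sandbox output, transcribes those rows and separates the repeatable endpoint from the platform noise. The classification rules and the KNOWN_INFRA prefix list (Google address space, kept as an analyst-maintained allowlist) are this example's own assumptions, not sandbox verdicts; it says nothing about what the endpoint is used for, only that it is the one worth pivoting on first.

```python
"""Cross-run network triage over the three behavioral detonations.

Added example, not part of the sandbox output. RUNS transcribes the report's
Network tables as (country, destination, domain, proto). The classification
rules and the KNOWN_INFRA allowlist are assumptions of this example.
"""
import ipaddress

RUNS = {
    "behavioral3": [
        ("N/A", "224.0.0.251:5353", "", "udp"),
        ("RU", "77.221.140.154:8080", "", "tcp"),
        ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
        ("GB", "142.250.200.40:443", "ssl.google-analytics.com", "tcp"),
        ("GB", "172.217.16.238:443", "", "tcp"),
        ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
        ("GB", "216.58.201.110:443", "android.apis.google.com", "tcp"),
        ("GB", "216.58.201.100:443", "", "tcp"),
        ("GB", "216.58.201.100:443", "", "tcp"),
    ],
    "behavioral1": [
        ("GB", "172.217.169.74:443", "", "tcp"),
        ("N/A", "224.0.0.251:5353", "", "udp"),
        ("RU", "77.221.140.154:8080", "", "tcp"),
        ("GB", "142.250.187.238:443", "", "tcp"),
        ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
        ("GB", "142.250.187.206:443", "android.apis.google.com", "tcp"),
    ],
    "behavioral2": [
        ("N/A", "224.0.0.251:5353", "", "udp"),
        ("US", "1.1.1.1:53", "ssl.google-analytics.com", "udp"),
        ("GB", "142.250.187.200:443", "ssl.google-analytics.com", "tcp"),
        ("RU", "77.221.140.154:8080", "", "tcp"),
        ("GB", "172.217.16.234:443", "", "tcp"),
        ("US", "1.1.1.1:53", "android.apis.google.com", "udp"),
        ("GB", "216.58.204.78:443", "android.apis.google.com", "tcp"),
        ("GB", "142.250.179.228:443", "", "tcp"),
        ("GB", "142.250.179.228:443", "", "tcp"),
        ("GB", "216.58.204.78:443", "android.apis.google.com", "tcp"),
        ("GB", "142.250.178.14:443", "", "tcp"),
        ("GB", "142.250.187.226:443", "", "tcp"),
    ],
}

# Assumed analyst allowlist: Google prefixes that the no-domain :443 rows
# fall into. Verify with WHOIS/ASN data before trusting it on a real case.
KNOWN_INFRA = [ipaddress.ip_network(n) for n in
               ("142.250.0.0/15", "172.217.0.0/16", "216.58.192.0/19")]


def split_dest(dest):
    """'1.2.3.4:8080' -> (IPv4Address('1.2.3.4'), 8080)."""
    host, _, port = dest.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def classify(row):
    """Bucket one connection: multicast (mDNS noise), dns (resolver lookup),
    named (connection that followed a lookup), known-infra (allowlisted
    prefix) or unattributed (hard-coded endpoint with no DNS trail)."""
    _, dest, domain, _ = row
    addr, port = split_dest(dest)
    if addr.is_multicast:
        return "multicast"
    if port == 53:
        return "dns"
    if domain:
        return "named"
    if any(addr in net for net in KNOWN_INFRA):
        return "known-infra"
    return "unattributed"


def unattributed_per_run(runs):
    """Map run name -> set of unattributed destinations seen in that run."""
    return {name: {row[1] for row in rows if classify(row) == "unattributed"}
            for name, rows in runs.items()}


def persistent_unattributed(runs):
    """Destinations unattributed in every run: stable across platforms and
    therefore the first pivot for blocking and infrastructure research."""
    per_run = list(unattributed_per_run(runs).values())
    return sorted(set.intersection(*per_run)) if per_run else []


if __name__ == "__main__":
    for name, dests in unattributed_per_run(RUNS).items():
        print(name, sorted(dests))
    print("in every run:", persistent_unattributed(RUNS))
```

The duplicate rows (for example 142.250.179.228:443 twice in behavioral2) are separate connections and are left in place; the set-based intersection makes them irrelevant to the result. Swap RUNS for rows parsed from another report, or extend KNOWN_INFRA with your own CDN and analytics prefixes, and the same intersection tells you which destinations the sample reaches regardless of platform.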
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |

/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

| Hash | Value |
|---|---|
| MD5 | 3f0b1814cd2659fec1e732eff5e43f31 |
| SHA1 | c50737494cec52ad2b9295b8dcaf0386d5364ba9 |
| SHA256 | 8c934e2af78f358a1423b3567a1224cd743f1c52df18c13b73853c03d626a879 |
| SHA512 | 6e769444a210a1591b6ef2d7dc6546df9299affdc4eebf312184d1ad714f99e313609ca769aa5b525be4423019c907869b2466a0fffd39a57ff5a77f0b045284 |

/data/data/org.zzzz.aaa/files/profileInstalled

| Hash | Value |
|---|---|
| MD5 | e9385fe36e8fbeb8e3e80b42f950951b |
| SHA1 | eab140dbe5bf0a9d4ea1d3b34257bfb24bfa1bfa |
| SHA256 | 434b025a9524c98211bf4af8c45e0e6bf06f37ecf753dd08a282188b76ab3707 |
| SHA512 | 317bc1e8cac53f0e4ce05553ec3bb6dbc0c1841e4b44b645a38977a687e22049997bf5d60e778c3b0d3b9b2ce4fa1ddd879b98e2464620f53257c73ee088546e |

/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof

| Hash | Value |
|---|---|
| MD5 | d461e4a18a92b166a67f74a00ddaf520 |
| SHA1 | b6b26ebcb23574b14f27dc29172d6a2c45c396ae |
| SHA256 | 7ffe19e57658c105d84254ced7f1f446228adc6ce47fc8efdb210fc48728540f |
| SHA512 | ee202f6cd41cde3a42bcdf7d7df5eac49752ff46b3e72cdf00cdae04556da03b1b561f872ded223fa250e287e655acff29ccd62cb765b4bce5e0a3cb350fbc03 |