Analysis Overview
SHA256
5a1fa077eb45ff6f5829d93a0fc4e80f386260fee477deab00a6507528b2f574
Threat Level: Shows suspicious behavior
The file 5a1fa077eb45ff6f5829d93a0fc4e80f386260fee477deab00a6507528b2f574.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:06
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
|---|---|---|---|
| Required by accessibility services to bind with the system. Allows apps to access accessibility features. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows read-only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:06
Reported
2024-06-13 23:10
Platform
android-x86-arm-20240611.1-en
Max time kernel
120s
Max time network
159s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.204.74:443 | | tcp |
| US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp |
| RU | 77.221.140.154:8080 | | tcp |
| GB | 216.58.201.110:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.200.46:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | b8bc70ba9185a8259a9952a296efaf5e |
| SHA1 | 9b0d91472ba472275b34db083e70c6edde05c60e |
| SHA256 | 22443867941bc98a8a0eb1caa1a45add405bea02e5dea7712a27466598d157ed |
| SHA512 | 32b5c138f379de07a7ca5d0a9f528bdd44534c30a831986f387100ce365a6e4d399b4745b208904fe377d629eb1a4911d59912ca1c3c6f78631d78991b2ffe56 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | c53799ea4bf2f096a5ea9c6c8faf52ea |
| SHA1 | 786254b38da96c3eb90537324f827de9474e87e4 |
| SHA256 | 726a575d556c707832c32a83b67a72aa87864fffe673adeb7a5bab8902452beb |
| SHA512 | fbc5b6996c1950db3f69dc96f4a68bf0745785246ec9a6c4271cc93754cc7741ae49c66515b5c0a8d96c139484dfab6c6859781024b15e45c416f83db95cc587 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 57a4df1dc1569fc3236281b0baf7def7 |
| SHA1 | 1a568b5ddff4d3384fbc9c67999b0ef0a6204b4f |
| SHA256 | a1806cdfeee610e73a5ca60757fb55f07938c537316080af3108b81398949319 |
| SHA512 | f60076e2b102034b4fb4730694d58db853ef427a68b6381e152a38ad4bdc05231315b95f715cdb9b27a8924f2926cb3991935c0718901d4b83f1ae2bd5321e01 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:06
Reported
2024-06-13 23:10
Platform
android-x64-20240611.1-en
Max time kernel
179s
Max time network
131s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| RU | 77.221.140.154:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.40:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
| GB | 172.217.169.42:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 80bfe2f0cedb6bb808eb1cd1ec9c7213 |
| SHA1 | 354ea29cd8181ba80a8876b5609c5091d833c4c1 |
| SHA256 | 13a5e1397b72248cf99801d32c84e301bb163dc4ddfd7bbe5d68949018d30cf4 |
| SHA512 | ae53539fd5dfb50b5b62340468cb77035b23f0321ad9c7080b31a19b6f666f231b94a44741ca1d7952f60391af910e72f42bf5377d4e759304f5d03988d12ca2 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 90556b6001808fa2ac2650b5ea921f6e |
| SHA1 | fd70f5f74e787f9f3ecc27a8cfcef00deb44eedf |
| SHA256 | f1b349675cf0065e27de60d3b6db2b4daf14e82dc820a8c5b935576d46efd95f |
| SHA512 | 54551237f95261e482f25a66ca937a0dc695e2d089e339d6929e179a68862c72af84b58112c0e4c8d6a2ce2f3a71e6a23dc6a10371c84423a38012f47c2a5848 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | d461e4a18a92b166a67f74a00ddaf520 |
| SHA1 | b6b26ebcb23574b14f27dc29172d6a2c45c396ae |
| SHA256 | 7ffe19e57658c105d84254ced7f1f446228adc6ce47fc8efdb210fc48728540f |
| SHA512 | ee202f6cd41cde3a42bcdf7d7df5eac49752ff46b3e72cdf00cdae04556da03b1b561f872ded223fa250e287e655acff29ccd62cb765b4bce5e0a3cb350fbc03 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:06
Reported
2024-06-13 23:10
Platform
android-x64-arm64-20240611.1-en
Max time kernel
178s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| RU | 77.221.140.154:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.200.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | ccf7100c15d31b55e8a304cffd725055 |
| SHA1 | 0cc70a14bf1dcdc4cf2fad5119cb138f3d78caab |
| SHA256 | ec72bea1fb1da7218ce21af3f1f7759495e5d249c37ae3697ca8e2f80b8ce5c1 |
| SHA512 | 6263bd3062b711a66abc3d1249af2ae8f128a4e858c7d742ace5437241876110d1c502b0dadbe4aaa0b7e5aac9e89be474d52db88738993b1917362cf2a23073 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | dcf00f776f7d46322d5e245d0c86a9d5 |
| SHA1 | 333535a91b7523a42bb6e171f5cb15fd2420f834 |
| SHA256 | 09f1609173513bdf2271d7f8a759d41305864d569bab1c4ed11bb88085fd72f7 |
| SHA512 | 32398fa177f20b46349c1009f337f7731048830cbeef530ade0b63c99ed216704842a27e873f88155edf43dbb8268ac50e7ed13d6f6eb38ae647f59f952a097d |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | e4ca222bddae98279de1ff65cee063b9 |
| SHA1 | 010b2b620877249572ecbc8799d16d4a35f5f687 |
| SHA256 | bed84c2dbee0487c74bffe5921dc0bd6ae735e4173bc69103be5f237a7f22830 |
| SHA512 | 180ad772d0d3b3838a3a9dc8a690682e872dea833c4cf51831e36632318df76cdc70cb8ed7fdf0b1fd112d6bb27476ebad5386f67aa87d28a0571c4cc1773e31 |