Analysis Overview
SHA256
2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06
Threat Level: Shows suspicious behavior
The file 2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's foreground persistence service
Requests dangerous framework permissions
Registers a broadcast receiver at runtime (usually for listening for system events)
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 23:10
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
|---|---|---|---|
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 23:10
Reported
2024-06-13 23:13
Platform
android-x64-20240611.1-en
Max time kernel
8s
Max time network
150s
Command Line
Signatures
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
app.limits.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.178.8:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.178.10:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.213.14:443 | | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 216.58.201.98:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/data/app.limits.up/no_backup/androidx.work.workdb-journal
/data/data/app.limits.up/no_backup/androidx.work.workdb
/data/data/app.limits.up/no_backup/androidx.work.workdb-shm
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 23:10
Reported
2024-06-13 23:13
Platform
android-x64-arm64-20240611.1-en
Max time kernel
7s
Max time network
132s
Command Line
Signatures
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Processes
app.limits.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 172.217.16.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/data/app.limits.up/no_backup/androidx.work.workdb-journal
/data/data/app.limits.up/no_backup/androidx.work.workdb
/data/data/app.limits.up/no_backup/androidx.work.workdb-shm
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 23:10
Reported
2024-06-13 23:13
Platform
android-x86-arm-20240611.1-en
Max time kernel
7s
Max time network
131s
Command Line
Signatures
Makes use of the framework's foreground persistence service
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.setServiceForeground | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Processes
app.limits.up
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
Files
/data/data/app.limits.up/no_backup/androidx.work.workdb-journal
/data/data/app.limits.up/no_backup/androidx.work.workdb
/data/data/app.limits.up/no_backup/androidx.work.workdb-shm
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal
/data/data/app.limits.up/no_backup/androidx.work.workdb-wal