Malware Analysis Report

2024-09-09 17:14

Sample ID: 240613-25yd5svbpe
Target: 2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06.bin
SHA256: 2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06
Tags: evasion, persistence
Score: 6/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 6/10

SHA256: 2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06

Threat Level: Shows suspicious behavior

The file 2d09bfc51f91b5b15442f7041fd99a1ab10e0542a3b911391a9647bab0f64c06.bin was found to show suspicious behavior.

Malicious Activity Summary

Tags: evasion, persistence

Requests dangerous framework permissions

Makes use of the framework's foreground persistence service

Registers a broadcast receiver at runtime (usually for listening for system events)

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported: 2024-06-13 23:10

Signatures

Requests dangerous framework permissions

Description                                     Indicator                        Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS   N/A      N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 23:10
Reported: 2024-06-13 23:13
Platform: android-x86-arm-20240611.1-en
Max time kernel: 7s
Max time network: 131s

Command Line

app.limits.up

Signatures

Makes use of the framework's foreground persistence service

Tags: evasion, persistence
Description             Indicator                                           Process  Target
Framework service call  android.app.IActivityManager.setServiceForeground   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description             Indicator                                           Process  Target
Framework service call  android.app.IActivityManager.registerReceiver       N/A      N/A

Processes

app.limits.up

Network

Country  Destination            Domain                    Proto
GB       172.217.169.74:443     N/A                       tcp
N/A      224.0.0.251:5353       N/A                       udp
GB       142.250.187.238:443    N/A                       tcp
US       1.1.1.1:53             android.apis.google.com   udp
GB       142.250.187.206:443    android.apis.google.com   tcp

Files

/data/data/app.limits.up/no_backup/androidx.work.workdb-journal

MD5 34844ce62ccbbb91380dcd657b0c298c
SHA1 33c340fcf9776d428d1798a7eeb4da9df022baf3
SHA256 2c335c0308988ff2aba33a1ee0d8b6e9080bd1100c33e376129ae97a095c859a
SHA512 cc2d381bf9c4d40b2a28753abf93ad347bddf0faf713b86f8f33349e8c90b022710c3f4aff20e5214dce8ebc74272283218ebc059db5a070df91ee4ed00e01e5

/data/data/app.limits.up/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/app.limits.up/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 8b3c01560479eed107486f6cde68a781
SHA1 85fd5b015ecabba602599a8796dec3408426a1b7
SHA256 95215acff1f8895eb309700cd37f82f625388af25797a1cef4dd7ee417afb822
SHA512 89a0f3147c806b66b5ffc9f16afeb150a290177757b54acd53c000b6be92397ce3b58db18ea17ca83764615fe54c7b902a28a76fc1b78269572c1df8118383b8

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 e0eeb8e39ed15217fe3fb10c97913685
SHA1 515441389b3863dbe854f1f34366cf664ba041f5
SHA256 773048da61b01d537c774cce88b07d61bb69e270f4c5095af6bd77989d377f2b
SHA512 53ded2baef8d730745b4b4b2e5894fa4bbd9d4005ebb607d1f004b49a29f7d9de209972f8361a7517384cbec588ec0584fe17af22b804345116d66e669b8efcf

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 23:10
Reported: 2024-06-13 23:13
Platform: android-x64-20240611.1-en
Max time kernel: 8s
Max time network: 150s

Command Line

app.limits.up

Signatures

Makes use of the framework's foreground persistence service

Tags: evasion, persistence
Description             Indicator                                           Process  Target
Framework service call  android.app.IActivityManager.setServiceForeground   N/A      N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

Tags: persistence
Description             Indicator                                           Process  Target
Framework service call  android.app.IActivityManager.registerReceiver       N/A      N/A

Processes

app.limits.up

Network

Country  Destination            Domain                      Proto
N/A      224.0.0.251:5353       N/A                         udp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       142.250.178.8:443      ssl.google-analytics.com    tcp
GB       142.250.178.10:443     N/A                         tcp
US       1.1.1.1:53             android.apis.google.com     udp
GB       172.217.16.238:443     android.apis.google.com     tcp
GB       216.58.213.14:443      N/A                         tcp
GB       142.250.178.14:443     N/A                         tcp
GB       216.58.201.98:443      N/A                         tcp
GB       142.250.179.228:443    N/A                         tcp
GB       142.250.179.228:443    N/A                         tcp

Files

/data/data/app.limits.up/no_backup/androidx.work.workdb-journal

MD5 0cf65fed405f33aaae6c7787dfe1c34f
SHA1 3c50984c4511909a6beec83b30b043d0f4ba5cee
SHA256 f49a5e533cf56ba2ff7fc4526d5e954078d2f929b2334f121d47e933a5279416
SHA512 8b434d47a14c485ac879d1c1eba9d05901d20c7d7e993b0eff75aa6bdcb69f6fc95de0d3e16111d15289cb3fb660d7765d16ad5ef7f72a48b7ada01c28834f9e

/data/data/app.limits.up/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/app.limits.up/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 f317915047b194a1e8bb86e9fb880d17
SHA1 d93ad5c181343f657bf80757c5f907f4c3047b33
SHA256 62814adf6be52a28395acfa7308344eaeb9d5fd0b1b34243b130d8c844466a5a
SHA512 acbd5308d5bbbc4fc3c3482c798f33726da865883ea1fff2054bc0242319d361262fbab64d0f4a75a933ab2a945abb1421f4754fe788e0698070da7733aa1616

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 f27787e01ef37743f6e26aa3ff23e966
SHA1 9008a9a313bbad724ffd50301ca265be3e76a020
SHA256 b369d4221a0e330b3b0aa5a6b31afa78d4598b84b06309ca134dcc64f1b5c505
SHA512 bc1cf3e4c7db47586d23a03d2edc0bb2acca3506ae9b8f78215aa2195c7585db4ad4328b0d2cecd67b91082520539159fe6cebf8bf48cb02f30fd82020685cb9

Analysis: behavioral3

Detonation Overview

Submitted: 2024-06-13 23:10
Reported: 2024-06-13 23:13
Platform: android-x64-arm64-20240611.1-en
Max time kernel: 7s
Max time network: 132s

Command Line

app.limits.up

Signatures

Makes use of the framework's foreground persistence service

Tags: evasion, persistence
Description             Indicator                                           Process  Target
Framework service call  android.app.IActivityManager.setServiceForeground   N/A      N/A

Processes

app.limits.up

Network

Country  Destination            Domain                      Proto
GB       142.250.187.206:443    N/A                         tcp
GB       142.250.187.206:443    N/A                         tcp
N/A      224.0.0.251:5353       N/A                         udp
GB       172.217.16.234:443     N/A                         tcp
GB       172.217.16.234:443     N/A                         tcp
US       1.1.1.1:53             ssl.google-analytics.com    udp
GB       172.217.16.232:443     ssl.google-analytics.com    tcp
GB       142.250.179.228:443    N/A                         tcp
GB       142.250.179.228:443    N/A                         tcp

Files

/data/data/app.limits.up/no_backup/androidx.work.workdb-journal

MD5 99ede75ba54d5a3750b9430909c0ee7f
SHA1 97218163ea7d53dcbb300646e0c33b4f43b8a2d9
SHA256 dca0f0693b0503acef5210c668dd64316547bb958f7959cc40bcdaad0a50af5d
SHA512 a00ab7b173a1225da5c96fbccabf4719d9175bf186a8a07d9f4932e07eb426997d361faf57df2ac3b07d0b92e09a0d5272edff3a525ec89f57a2c671e168dd79

/data/data/app.limits.up/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/app.limits.up/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 124534ad1bf20935e71c5270e13796aa
SHA1 869447964af5f2c1bcb826c7e2c5e5f9bf5956f8
SHA256 e04c3ada7bc4e8b322314130cec0d70a366d79a63bbd6a097b87a1ccde3e145c
SHA512 7969a2052fae47c9c3f845292085181166ade6c0acbd421bb6e878828654ed7710cd431731dcce922f0b9ef5e2d2bad944fdf5c7be810a832d3906d704d65686

/data/data/app.limits.up/no_backup/androidx.work.workdb-wal

MD5 6eebcce3265f96af3ad82bc404b4975f
SHA1 0a34303bac2a7c4db6f95137a08a916b3aaf75d2
SHA256 0775635f5c460fea1f358615713ab70ae4d5f40682b940754e8c2dcbc2f972dd
SHA512 9b87abace89e160e2cc0ed5c62109f79844c4549c17bdf8a61859b574fcef9ebf7d8aa20693532ce2a47afbb8d5e7f83896d860cfd8f1512d1422f61b7fc771a