Analysis Overview
SHA256
eaba8cd14be4fe2f1716a6b2ce295bb4100af62561e9ab658cc349016898af82
Threat Level: Shows suspicious behavior
The file eaba8cd14be4fe2f1716a6b2ce295bb4100af62561e9ab658cc349016898af82.bin was classified as: Shows suspicious behavior.
Malicious Activity Summary
Makes use of the framework's Accessibility service
Declares services with permission to bind to the system
Requests dangerous framework permissions
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:37
Signatures
Declares services with permission to bind to the system
| Description | Indicator | Process | Target |
| Declared on an AccessibilityService so that only the system can bind to it. Once the user enables the service, it can observe and act on the UI of other apps. | android.permission.BIND_ACCESSIBILITY_SERVICE | N/A | N/A |
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A |
| Allows read access to the device's phone number(s). | android.permission.READ_PHONE_NUMBERS | N/A | N/A |
| Allows an application to read the user's call log. | android.permission.READ_CALL_LOG | N/A | N/A |
| Allows an application to read the user's contacts data. | android.permission.READ_CONTACTS | N/A | N/A |
| Allows access to the list of accounts in the Accounts Service. | android.permission.GET_ACCOUNTS | N/A | N/A |
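The two static signatures above (an accessibility-bound service plus SMS/telephony permissions) are the combination an analyst would want to flag automatically when triaging APKs in bulk. The script below is an added example, not part of the sandbox report: it reads a decoded AndroidManifest.xml (the manifest inside an APK is binary XML, so decode it first, e.g. with apktool) and reports whether both conditions hold. The manifest embedded here is a constructed sample modelled on the report's permission list; the package name org.zzzz.aaa comes from the report, the service class name is hypothetical.

```python
"""Triage check: does an AndroidManifest.xml declare an accessibility
service *and* request the SMS/telephony permissions seen in this report?

Added example, not code from the sandbox or the analysed sample. Expects a
decoded (text) manifest; the sample below is constructed for illustration."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree prefix for android:* attributes

# Dangerous permissions listed under the report's static1 signature.
DANGEROUS = {
    "android.permission.READ_PHONE_STATE",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.CALL_PHONE",
    "android.permission.READ_PHONE_NUMBERS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.GET_ACCOUNTS",
}
BIND_A11Y = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest; ".A11yService" is a hypothetical class name.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="org.zzzz.aaa">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""


def analyse_manifest(xml_text):
    """Return the package, its accessibility-bound services, the dangerous
    permissions it requests, and whether the two signatures co-occur."""
    root = ET.fromstring(xml_text)
    perms = {el.get(A + "name") for el in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is one the system will
    # bind as an AccessibilityService once the user enables it.
    a11y_services = [
        svc.get(A + "name")
        for svc in root.iter("service")
        if svc.get(A + "permission") == BIND_A11Y
    ]
    dangerous = sorted(perms & DANGEROUS)
    return {
        "package": root.get("package"),
        "accessibility_services": a11y_services,
        "dangerous_permissions": dangerous,
        # Accessibility binding plus SMS/telephony access is the combination
        # worth escalating; either alone is common in benign apps.
        "suspicious": bool(a11y_services) and bool(dangerous),
    }


if __name__ == "__main__":
    for key, value in analyse_manifest(SAMPLE_MANIFEST).items():
        print("%s: %s" % (key, value))
```

Run it against the decoded manifest of a real sample by replacing SAMPLE_MANIFEST with the file contents; a service that requests BIND_ACCESSIBILITY_SERVICE without also declaring the accessibility intent-filter would still be listed, which is deliberate, since the permission is what the static signature keys on.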
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:37
Reported
2024-06-13 22:40
Platform
android-x86-arm-20240611.1-en
Max time kernel
158s
Max time network
159s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4f56f33153159844ee197450523895fa |
| SHA1 | 4d49433909c940f5ab4f66b29f0ad583fbf24b50 |
| SHA256 | 9fa22818996ae72f4f77ea091c47229d6dc4308b6146c357c9bfaca38eae2a69 |
| SHA512 | 59ca8897102056c1e2525e00af0dcf1c897bbf790c5722579570d9b4e33fa921ceb8c8c85a8234874bf101fb07ce79b339aa3173471eefbedaa1546ccce73410 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 20b75dc02c7a66b14f4bcfaa9d0ae262 |
| SHA1 | 48477433341ae7df82dc6da0a3d468de7eac8142 |
| SHA256 | a8d295f860c6dceb2439b7980e684eb9cc9f172134b1a8127a1d89f5b825cd69 |
| SHA512 | ce5752cee0b93074d2a9745c629376c23ed5cd1db130996fc5bed18c1af94effe21e0daac1fdb5f2c143103772ff1c949b736261d94ad691ab962e3c5e68af48 |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | 298556f5b6df0df828476dbc2ef52213 |
| SHA1 | 8f977dbb363bb97b9850661895ef1592da9111ad |
| SHA256 | 60ef1d0e80fa68ce3d53748415b2b069c373ec14cc69b17763b899fc7f63066b |
| SHA512 | 881ed2b74524109ad9718ed0be91f9ecc9cb183478b04806d38c13abb753b39a700c8ee4e8b8ed5075920b9bba194ebaef7295479b0d72bc25f10d89ac028942 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | fed49a57ca05845065ad8c9487469ee1 |
| SHA1 | 05ef4a3135163d5e8c627f6f51a8c96c65832bc7 |
| SHA256 | e473a7d8894f86d464aaa9c036720f99c05e0a50e022935830eea0686b2e01e5 |
| SHA512 | dc5f58e3b01efb409b121acea9cb1a9e17c03a1425dce03daa032aaa570d55a4c8b005d688666af158954f69da6ea5981995f2b3fc86d213ffa756185049a9c5 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:37
Reported
2024-06-13 22:40
Platform
android-x64-20240611.1-en
Max time kernel
159s
Max time network
159s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| RU | 46.226.160.5:8080 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| GB | 142.250.179.234:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.179.238:443 | android.apis.google.com | tcp |
| GB | 142.250.200.46:443 | | tcp |
| GB | 142.250.179.226:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.200.46:443 | | tcp |
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4f56f33153159844ee197450523895fa |
| SHA1 | 4d49433909c940f5ab4f66b29f0ad583fbf24b50 |
| SHA256 | 9fa22818996ae72f4f77ea091c47229d6dc4308b6146c357c9bfaca38eae2a69 |
| SHA512 | 59ca8897102056c1e2525e00af0dcf1c897bbf790c5722579570d9b4e33fa921ceb8c8c85a8234874bf101fb07ce79b339aa3173471eefbedaa1546ccce73410 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 6f5b2bf4e0680e0609aeb030bb340d49 |
| SHA1 | 39fd7f8779390f6e087b2f27a8f5aa84e49ffacf |
| SHA256 | ea478df42c0195bf171f0269897baa5614bb1b653f97e194b4c99507f44c32a4 |
| SHA512 | e3fdd7cd776623410a90f22bdd22ef16dd8157d140e0224ddcb844c74ed61ab0a369c8e3d60ddba2daa21172626a5affe526da8e80a62e1e27fc5ccda306651d |
/data/data/org.zzzz.aaa/files/profileInstalled
| MD5 | b4c14cc7a866c00c85601bd13636ff33 |
| SHA1 | ce900d153e630ad202e56541158be920735e74c6 |
| SHA256 | 551917c556cef800af02ce6e54c948995d0631d900cccb3c0d0beb087530f1d4 |
| SHA512 | 9b969cb9221dbbd1c97a55ef4b918774da058d01093c155fe4b6b0723460eab684ab382d3ffd3876cd9b874e57a18ad0750f9b0d5f8985f56bb26143b8819144 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 3016ef9ec167a08de189a4e39d9c77c8 |
| SHA1 | 1bc07f9e7ac5374e8fbe548985c2826dfa24f573 |
| SHA256 | 841f307ba9bce20b483283bc1ab21dfd10c7ef9b4a81d529c239e1c16d521256 |
| SHA512 | f56ff1a30f2302ed63e51bd78cc23c50faf4b11a61f9e7674bf813dead7955ab3a31b2cd677e1fe11a2a0bd46b8e8ba64fadaa3a25c99feba5b0de074493f28a |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 22:37
Reported
2024-06-13 22:40
Platform
android-x64-arm64-20240611.1-en
Max time kernel
159s
Max time network
132s
Command Line
Signatures
Makes use of the framework's Accessibility service
| Description | Indicator | Process | Target |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfoByAccessibilityId | N/A | N/A |
| Framework service call | android.accessibilityservice.IAccessibilityServiceConnection.findAccessibilityNodeInfosByText | N/A | N/A |
Processes
org.zzzz.aaa
Network
| Country | Destination | Domain | Proto |
| GB | 142.250.187.206:443 | | tcp |
| GB | 142.250.187.206:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 216.58.212.234:443 | | tcp |
| GB | 216.58.212.234:443 | | tcp |
| RU | 46.226.160.5:8080 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
| GB | 216.58.212.196:443 | | tcp |
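Across the three detonations the Google-owned 142.250.x/216.58.x endpoints and the resolved android.apis.google.com / ssl.google-analytics.com names vary from run to run, which is what platform background traffic looks like; the useful triage question is which destination recurs in every run and never had a domain resolved for it. The script below is an added example, not part of the sandbox report: it takes the rows of the three Network tables above (copied as country, destination, domain), drops sandbox noise (mDNS multicast and the resolver on port 53), and lists destinations that appear in all runs without a resolved domain. Such a destination is a candidate for further pivoting, not a confirmed C2 by itself.

```python
"""Cross-run network triage for the three behavioral analyses on this page.

Added example, not code from the sandbox. RUNS is transcribed from the
Network tables above (behavioral1..3) as (country, destination, domain);
an empty domain means the report showed no resolved name for that row."""
import ipaddress
from collections import defaultdict

RUNS = {
    "behavioral1": [
        ("N/A", "224.0.0.251:5353", ""),
        ("RU", "46.226.160.5:8080", ""),
        ("GB", "142.250.187.206:443", ""),
        ("US", "1.1.1.1:53", "android.apis.google.com"),
        ("GB", "142.250.178.14:443", "android.apis.google.com"),
    ],
    "behavioral2": [
        ("N/A", "224.0.0.251:5353", ""),
        ("RU", "46.226.160.5:8080", ""),
        ("US", "1.1.1.1:53", "ssl.google-analytics.com"),
        ("GB", "142.250.187.232:443", "ssl.google-analytics.com"),
        ("GB", "142.250.179.234:443", ""),
        ("US", "1.1.1.1:53", "android.apis.google.com"),
        ("GB", "142.250.179.238:443", "android.apis.google.com"),
        ("GB", "142.250.200.46:443", ""),
        ("GB", "142.250.179.226:443", ""),
        ("GB", "142.250.179.228:443", ""),
        ("GB", "142.250.179.228:443", ""),
        ("GB", "142.250.200.46:443", ""),
    ],
    "behavioral3": [
        ("GB", "142.250.187.206:443", ""),
        ("GB", "142.250.187.206:443", ""),
        ("N/A", "224.0.0.251:5353", ""),
        ("GB", "216.58.212.234:443", ""),
        ("GB", "216.58.212.234:443", ""),
        ("RU", "46.226.160.5:8080", ""),
        ("GB", "216.58.212.196:443", ""),
        ("GB", "216.58.212.196:443", ""),
    ],
}


def is_noise(ip, port):
    """Sandbox background traffic: multicast (mDNS) and DNS to the resolver."""
    addr = ipaddress.ip_address(ip)
    return addr.is_multicast or port == 53


def recurring_unresolved(runs):
    """Destinations seen in every run that never carried a resolved domain."""
    seen_in = defaultdict(set)  # destination -> set of runs it appeared in
    resolved = set()            # destinations that had a domain in any run
    for run, rows in runs.items():
        for _country, dest, domain in rows:
            ip, port = dest.rsplit(":", 1)
            if is_noise(ip, int(port)):
                continue
            seen_in[dest].add(run)
            if domain:
                resolved.add(dest)
    return sorted(d for d, r in seen_in.items()
                  if len(r) == len(runs) and d not in resolved)


def nonstandard_ports(runs, allowed=(80, 443)):
    """Non-noise TCP/UDP destinations on ports outside the usual web ports."""
    hits = set()
    for rows in runs.values():
        for _country, dest, _domain in rows:
            ip, port = dest.rsplit(":", 1)
            if not is_noise(ip, int(port)) and int(port) not in allowed:
                hits.add(dest)
    return sorted(hits)


if __name__ == "__main__":
    print("recurring, unresolved:", recurring_unresolved(RUNS))
    print("non-standard ports:", nonstandard_ports(RUNS))
```

Both heuristics single out the same endpoint here; in a larger batch the intersection of the two lists is the short list to pivot on (passive DNS, other reports naming the same IP:port), while the per-run Google traffic can be set aside.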
Files
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | 4f56f33153159844ee197450523895fa |
| SHA1 | 4d49433909c940f5ab4f66b29f0ad583fbf24b50 |
| SHA256 | 9fa22818996ae72f4f77ea091c47229d6dc4308b6146c357c9bfaca38eae2a69 |
| SHA512 | 59ca8897102056c1e2525e00af0dcf1c897bbf790c5722579570d9b4e33fa921ceb8c8c85a8234874bf101fb07ce79b339aa3173471eefbedaa1546ccce73410 |
/data/data/org.zzzz.aaa/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | bef107b2f1ac067db1d2d065fd1324c5 |
| SHA1 | 601fde124f4a767acb34afe77b511c884403fe87 |
| SHA256 | b3b1c8d3bff0262e1341318314832f87e12b49ff9ea340bcdad0d1e60bc22f4c |
| SHA512 | 9b805a0eaec82b3417205d44a0a65d4071c45da7adcab17095ce30ff5fa36e7d3d32432938bf324f69926ce91985de9e6c09f46dc5f26b756cc459b95c857b66 |
/data/misc/profiles/cur/0/org.zzzz.aaa/primary.prof
| MD5 | f3bab2bb7fb03d37547aa0daeec3bf97 |
| SHA1 | 5c4a82a3283f54538cf59b6518eaf6226cc1a763 |
| SHA256 | fd18743d47a0e5ea4ce3162085e90101a11a2bcdf0401faef1522195f9f30b25 |
| SHA512 | 4f7e6f73f0b5797783c63c31de2a083aa1f64aa8f63d96602fac92cae6a11fd380debdc45eca6f4144e071ac29342a60f1cdec6713d232a9b38dd692ff80742b |