Malware Analysis Report

2024-09-09 13:01

Sample ID 240613-2nz7eatdka
Target 0b1fdfe56341cbec5b724ee79c6f7ea528d89b1c5af9898418128b037b55ed51.bin
SHA256 0b1fdfe56341cbec5b724ee79c6f7ea528d89b1c5af9898418128b037b55ed51
Tags collection credential_access impact discovery persistence
Score 7/10

Table of Contents

Analysis Overview
MITRE ATT&CK Matrix
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral3
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 7/10

SHA256 0b1fdfe56341cbec5b724ee79c6f7ea528d89b1c5af9898418128b037b55ed51

Threat Level: Shows suspicious behavior

Verdict: the sample 0b1fdfe56341cbec5b724ee79c6f7ea528d89b1c5af9898418128b037b55ed51.bin shows suspicious behavior; no malware family tag was assigned and the ATT&CK matrix was not populated. The score rests on the declared permission set (receive, read and send SMS, precise location, direct calling, and a service that requests the notification-listener bind permission) and on clipboard monitoring observed at runtime, not on any observed exfiltration. The launched process name, com.example.myapplication, is the default package name of an Android Studio template project, which is consistent with a test build or a minimally renamed project. Every recorded network destination across the three detonations is Google infrastructure (android.apis.google.com, ssl.google-analytics.com, semanticlocation-pa.googleapis.com, and unnamed Google address-space IPs on 443) or sandbox background traffic (mDNS to 224.0.0.251:5353 and DNS queries to 1.1.1.1); no other endpoint was contacted.

Malicious Activity Summary

collection credential_access impact discovery persistence

Obtains sensitive information copied to the device clipboard

Queries the mobile country code (MCC)

Declares services with permission to bind to the system

Requests dangerous framework permissions

Registers a broadcast receiver at runtime (usually for listening for system events)

Checks memory information

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 22:44

Signatures

Declares services with permission to bind to the system

Description | Indicator | Process | Target
Required by notification listener services to bind with the system. Allows apps to listen to and interact with notifications on the device. | android.permission.BIND_NOTIFICATION_LISTENER_SERVICE | N/A | N/A

Note: declaring a service with this permission does not by itself grant notification access; the service only starts receiving notifications after the user enables the app under the system notification-access settings. Once enabled, the listener sees the full content of every posted notification, including one-time passcodes delivered by messaging and authenticator apps, which is why this declaration is weighed together with the SMS permissions below.

Requests dangerous framework permissions

Description | Indicator | Process | Target
Allows an app to access approximate location. | android.permission.ACCESS_COARSE_LOCATION | N/A | N/A
Allows an app to access precise location. | android.permission.ACCESS_FINE_LOCATION | N/A | N/A
Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A
Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A
Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A
Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call. | android.permission.CALL_PHONE | N/A | N/A

Note: all six are runtime permissions on Android 6.0 and later, so each must be granted by the user before it has any effect. The combination RECEIVE_SMS plus READ_SMS is the classic SMS one-time-passcode interception set, SEND_SMS enables premium-rate or propagation messaging, and CALL_PHONE allows calls without the dialer confirmation. Google Play restricts the SMS permissions to default handlers and approved use cases, so an app carrying this set would normally be side-loaded rather than store-distributed.
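The two static signatures above are derived from the decoded AndroidManifest.xml. The script below is an added example, not the sandbox's code or the sample's, that reproduces that triage on a manifest decoded with apktool or aapt2 and adds the capability check an analyst makes next: whether the declared set plus a notification-listener service gives the app a route to one-time passcodes. The manifest is constructed to mirror the permissions in the report; the service name .NotificationSniffer and the two permission catalogues are assumptions (illustrative subsets, not Android's full lists).

```python
"""Static triage of a decoded AndroidManifest.xml for the two signature
classes reported under static1. Added example, not the sandbox's own code.
SAMPLE_MANIFEST is constructed to mirror the permissions in the report; the
service name .NotificationSniffer and the permission catalogues are
assumptions (illustrative subsets, not Android's full lists)."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Runtime ("dangerous") permissions that require a user grant on Android 6.0+.
DANGEROUS_PERMISSIONS = {
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.RECEIVE_SMS": "receive SMS",
    "android.permission.READ_SMS": "read SMS",
    "android.permission.SEND_SMS": "send SMS",
    "android.permission.CALL_PHONE": "place calls without the dialer UI",
    "android.permission.READ_CONTACTS": "read contacts",
}

# Signature-level permissions only the system holds; a component that demands
# one is declaring itself for the OS to bind (notification/accessibility/admin).
SYSTEM_BIND_PERMISSIONS = {
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener",
    "android.permission.BIND_ACCESSIBILITY_SERVICE": "accessibility service",
    "android.permission.BIND_DEVICE_ADMIN": "device admin receiver",
}

# Constructed manifest: same permission set as the report, plus one listener service.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.myapplication">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application android:label="My Application">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".NotificationSniffer" android:exported="true"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""


def android_attr(elem, name):
    """Read an android:-namespaced attribute from a manifest element."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def triage_manifest(xml_text):
    """Return dangerous permissions, system-bound components and the
    capability flags an analyst derives from them."""
    root = ET.fromstring(xml_text)
    declared = {android_attr(e, "name") for e in root.iter("uses-permission")}
    dangerous = sorted(declared & set(DANGEROUS_PERMISSIONS))
    bound = []
    for comp in list(root.iter("service")) + list(root.iter("receiver")):
        perm = android_attr(comp, "permission")
        if perm in SYSTEM_BIND_PERMISSIONS:
            bound.append({"component": android_attr(comp, "name"),
                          "permission": perm,
                          "exported": android_attr(comp, "exported"),
                          "role": SYSTEM_BIND_PERMISSIONS[perm]})
    roles = {b["role"] for b in bound}
    return {
        "package": root.get("package"),
        "dangerous_permissions": dangerous,
        "system_bound_components": bound,
        # What the declared set lets the app do once the user grants it.
        "sms_otp_capture": bool({"android.permission.RECEIVE_SMS",
                                 "android.permission.READ_SMS"} & declared),
        "notification_otp_capture": "notification listener" in roles,
        "premium_sms_capable": "android.permission.SEND_SMS" in declared,
        "silent_dialing": "android.permission.CALL_PHONE" in declared,
        "precise_tracking": "android.permission.ACCESS_FINE_LOCATION" in declared,
    }


if __name__ == "__main__":
    for key, value in triage_manifest(SAMPLE_MANIFEST).items():
        print("%-28s %s" % (key, value))
```

Run it against the output of `apktool d sample.apk` (the decoded AndroidManifest.xml) to get the same two signature classes the sandbox reports, plus the derived flags; the flags are what you would put in the analyst summary, since a permission list alone does not say what the app can do with it.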

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 22:44

Reported

2024-06-13 22:47

Platform

android-x64-arm64-20240611.1-en

Max time kernel

140s

Max time network

132s

Command Line

com.example.myapplication

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Note: addPrimaryClipChangedListener registers a callback that fires on every change to the primary clip, so the app can harvest anything the user copies anywhere on the device (passwords from a manager, wallet addresses, one-time codes) without the user ever pasting into it. From Android 10 the platform only delivers clipboard contents to the app in the foreground or to the default input method, and Android 12 and later show a toast when an app reads a clip that another app set, so the listener's yield depends on the app keeping itself in the foreground and the user not noticing the prompt.

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Note: the Android runtime and many common libraries read /proc/meminfo for memory-pressure heuristics, so on its own this is a weak indicator; it is listed for completeness and should not raise the score by itself.

Processes

com.example.myapplication

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
GB | 142.250.187.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.179.238:443 | android.apis.google.com | tcp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 172.217.169.8:443 | ssl.google-analytics.com | tcp
GB | 142.250.180.4:443 | N/A | tcp
GB | 142.250.180.4:443 | N/A | tcp

Files

/data/data/com.example.myapplication/logs/20240613224436853.log

MD5 f31545e6277d17a9380730360f305cc6
SHA1 565c0aa17c0d6f978598012f5edf3aa1fe2d6689
SHA256 c89338e22fc2fb3217d8fbd3e121e8dbbf2ee1d7f5fda222be1515311f6ccf44
SHA512 0712b10339f55c9eb22ed6c5b28981eba9cfdfb32bc623a4b8227667981cd0468c7872b5bcd5e720ec21dde8de04559e815f5df73432c0d418a7df7cbbe70ac5

/data/data/com.example.myapplication/logs/20240613224436856.log

MD5 ae77f67da240780d512ecf1d84777224
SHA1 8326f8a01e4b3f4a502a015f9a0d07a89bd392dc
SHA256 c0f87118a4b4f6c3d808b1aac83fade7c43ab63becc259cd26933144405668b2
SHA512 f19ef4ecb301f93c6d03f24262e836ddc6ea3b5322b58a73bc4b042188ed7aa23c211bfeedac27108f324ba4b57ea4b2745f7b332d4124bce7409533a601373c

/data/data/com.example.myapplication/logs/20240613224436859.log

MD5 774a6df892ce8d9331fea4995e98d9a5
SHA1 51d9bc6af75907c1d4ee3eb081846e20a3b1527d
SHA256 200be9188691756b3342276cdb983b7b8beb082290af58a183e30fbbb1d99ca2
SHA512 f4315a92caf9b9e2818f70d8e8749c391c5f69149eadb3ccb32918fcb89efe5e0b23a8569f049f8f04db9a4ed72b9762108774d621682996fb41cf047f48867c

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-journal

MD5 e24900d53d6e81f6e705b25acc0bafeb
SHA1 026a185ccc596df81855e7946a1c3b57752dc569
SHA256 4b87488c299048f6ea6e2f64a4fb548bf9fcb3f633c677e9b4d90b29e838e785
SHA512 f8c8560ea16d063056c55787fee794a6c462d037a3b5cd8e44266afe4f433115629c7a4dd933075c3acf6fbd49be13e4955c2615fbba85636846cd2a62e2152f

/data/data/com.example.myapplication/no_backup/androidx.work.workdb

MD5 7e858c4054eb00fcddc653a04e5cd1c6
SHA1 2e056bf31a8d78df136f02a62afeeca77f4faccf
SHA256 9010186c5c083155a45673017d1e31c2a178e63cc15a57bbffde4d1956a23dad
SHA512 d0c7a120940c8e637d5566ef179d01eff88a2c2650afda69ad2a46aad76533eaace192028bba3d60407b4e34a950e7560f95d9f9b8eebe361ef62897d88b30cb

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 985664ec49a371ab6e92e21e71c683ee
SHA1 9b1f1147d5c1866c8a9c0b3fb061e9ea0edc6c87
SHA256 96520d771d0fc9b6e523916df2818e7df767d5085d7311d4374106760872ab23
SHA512 62c5c13a0b707f9b6811c340ecc1998f0057a09b68ece8f53113bf13191bffb38ebd17abf156ad41df5399945f6451218b0ab7ac762b325bcc52db6f40b23b8a

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 1ec0bd4d8b2f15de715c647e81b27c7b
SHA1 101350c0eecfc36b3118f6176cebd67495b186de
SHA256 78c8f3e311919423ba4e78583f3d950e4bd371544b44d84f530ee7cf3fe5c084
SHA512 51fdb2358c20f3446a79b41d28cf3c3572ecba00a2834e708a286281e898b88c29dd55aa39fbc6bafeee2d49aec63de28799a00dae6ada6e3b6600e0b0e7576d

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 22:44

Reported

2024-06-13 22:48

Platform

android-x86-arm-20240611.1-en

Max time kernel

47s

Max time network

176s

Command Line

com.example.myapplication

Signatures

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Note: getNetworkCountryIsoForPhone returns the ISO 3166-1 alpha-2 country code of the network the phone is registered on, which the framework derives from the operator's MCC; the app learns the country rather than the raw MCC. Malware commonly uses this value to gate behaviour by region, for example staying dormant outside its target countries or inside a known sandbox locale.

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Note: a receiver registered through registerReceiver lives only as long as the registering process; it is not restored after the process is killed or the device reboots, so this is weaker persistence than a manifest-declared receiver. Which broadcast actions the receiver filtered on is not recorded here.

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.example.myapplication

Network

Country | Destination | Domain | Proto
GB | 172.217.169.74:443 | N/A | tcp
N/A | 224.0.0.251:5353 | N/A | udp
GB | 216.58.212.234:443 | N/A | tcp
US | 1.1.1.1:53 | semanticlocation-pa.googleapis.com | udp
GB | 142.250.187.238:443 | N/A | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp
GB | 172.217.169.74:443 | semanticlocation-pa.googleapis.com | tcp

Files

/data/data/com.example.myapplication/logs/20240613224509719.log

MD5 7a45f20155b82b091d69b1d5c4d76cdf
SHA1 d30b8e9ccaa3da8090d17bda65cbed3e97ed3fec
SHA256 325016fc102033d73e9c98f9219e66223111ec368a1f185598f245a227fd3621
SHA512 f34776490c9a048521c5ec384d2c141e2ca38a07e1a79435454ac08784a127f0fd8aa51d1433d221eb6ba2b48e74e73ef2b01a1129365b45490d79ec364d7f7d

/data/data/com.example.myapplication/logs/20240613224509776.log

MD5 62b2112a494b7b509953ae2a6820ecff
SHA1 c7c1ce52b2290ea6a5f0cd9615d15b43029f07ba
SHA256 dc96ff05a0ad7d0c5ecea4d329d8686a54592a16d05804d14c19b99d0689bb52
SHA512 9eccda00a9cae73c9bb91550f9d4dc09aab9557132a742def7b0fdcc0ea30d489fcc3987fb0d96d32295ac5ae9ee334cb9da72d36c2d33569439df07b6b95621

/data/data/com.example.myapplication/logs/20240613224509791.log

MD5 69301b656d37c98616e464cfb060a399
SHA1 8ce154ae0e4a1499d522583275f91e85ea069de4
SHA256 9bf43c8667bb95f382a71efb9ae16f9367ef03f0e05f012f8e060705508b7833
SHA512 8b226860334b36664a1253df147674b6197fe65ab014ba31ccb8730c76c26c3b6021cf39658394a96817c37400a551c54e518de9c928a10ea5a16735ecaf8d92

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-journal

MD5 2377a3d5682d82d1efcb64518b0223d7
SHA1 d2d6134f9912d316073e3c127e7b5d7188450fe8
SHA256 75d6449c0c23e611cb0c513b9a56a354c1bb1c390b42dd02c6407567a1697cd7
SHA512 f086374cb226525bcb2e0654adfdff55122fd2a420f303d8bbb81ff71c5415e106c1e1bb8637f39fdc141749ee154194492778b6b84395732829ba49dbb39a9b

/data/data/com.example.myapplication/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 d422d2a62d9eea90d29464f55fab04c8
SHA1 de20a033bb850d2156504c4b388f1c145a14696f
SHA256 8512c5c5f7c3b3996557b5aa084590930b23fc30b8aded67e656fdbdcb2c79c0
SHA512 b64373db628ce6a084882ace55abeda85d3a308db1cf2422d24dd28534fff0d7e82c78c260ab98fb1776a7900b5cc25c278b77eec87218a79fb73de9ff045954

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 606233e8d95e514f490bbc918d9693ea
SHA1 9506cd51df7fe65089cb2f740041b98b6870142b
SHA256 6ee2b214390b483eabeb2710fd74a5a9b72652d6489e843a9d72da3fe837e5e7
SHA512 2089c0676585031ae3439f365441554c1f8d274f6405a5084513b63647a5cd8b498e5b4405c966cab5c1a24f9809698e991e3cbe4f50c5c00f0d4abbc3c9e5a0

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 22:44

Reported

2024-06-13 22:47

Platform

android-x64-20240611.1-en

Max time kernel

54s

Max time network

184s

Command Line

com.example.myapplication

Signatures

Obtains sensitive information copied to the device clipboard

collection credential_access impact
Description | Indicator | Process | Target
Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A

Queries the mobile country code (MCC)

discovery
Description | Indicator | Process | Target
Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A

Registers a broadcast receiver at runtime (usually for listening for system events)

persistence
Description | Indicator | Process | Target
Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A

Checks memory information

Description | Indicator | Process | Target
File opened for read | /proc/meminfo | N/A | N/A

Processes

com.example.myapplication

Network

Country | Destination | Domain | Proto
N/A | 224.0.0.251:5353 | N/A | udp
US | 1.1.1.1:53 | ssl.google-analytics.com | udp
GB | 216.58.204.72:443 | ssl.google-analytics.com | tcp
US | 1.1.1.1:53 | android.apis.google.com | udp
US | 1.1.1.1:53 | android.apis.google.com | udp
GB | 142.250.200.46:443 | android.apis.google.com | tcp
GB | 142.250.178.14:443 | N/A | tcp
GB | 216.58.201.98:443 | N/A | tcp
GB | 216.58.213.14:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
GB | 142.250.179.228:443 | N/A | tcp
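The network tables of all three detonations (behavioral3, behavioral1 and this one) have the same shape: an optional domain column, DNS queries to the sandbox resolver, mDNS chatter, and TLS connections whose IP the sandbox sometimes names and sometimes does not. The script below is an added example, not part of the report, that parses those rows, reuses a domain the sandbox attached to one connection to label bare connections to the same IP, and separates platform traffic from anything that needs a second look. The rows are copied from the behavioral1 table; the trusted-suffix list, the label names and the resolver address constant are assumptions made for this example, and a bare Google IP is still reported as unattributed because the table gives no domain for it.

```python
"""Triage of sandbox network tables: classify each row as sandbox noise,
DNS query, trusted platform traffic, unattributed IP, or review.
Added example, not part of the report. BEHAVIORAL1_ROWS is copied from the
behavioral1 table; TRUSTED_SUFFIXES and the labels are assumptions."""
from collections import Counter

SANDBOX_RESOLVER = ("1.1.1.1", 53)     # the sandbox's DNS forwarder (assumed)
MDNS = ("224.0.0.251", 5353)           # link-local multicast DNS chatter
# Suffixes treated as platform/analytics traffic rather than C2 candidates.
TRUSTED_SUFFIXES = ("google.com", "googleapis.com", "google-analytics.com")

BEHAVIORAL1_ROWS = """\
GB 172.217.169.74:443 tcp
N/A 224.0.0.251:5353 udp
GB 216.58.212.234:443 tcp
US 1.1.1.1:53 semanticlocation-pa.googleapis.com udp
GB 142.250.187.238:443 tcp
US 1.1.1.1:53 android.apis.google.com udp
GB 142.250.200.46:443 android.apis.google.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
GB 172.217.169.74:443 semanticlocation-pa.googleapis.com tcp
""".splitlines()


def parse_row(line):
    """Parse 'COUNTRY IP:PORT [DOMAIN] PROTO'. The domain column is optional,
    which is what makes the report's table look misaligned."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        (country, dest, proto), domain = parts, None
    else:
        raise ValueError("unexpected row: %r" % line)
    ip, port = dest.rsplit(":", 1)
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain, "proto": proto}


def is_trusted(domain):
    return domain is not None and any(
        domain == s or domain.endswith("." + s) for s in TRUSTED_SUFFIXES)


def classify(rows):
    parsed = [parse_row(r) for r in rows]
    # Reuse the domain the sandbox attached to any connection to the same IP,
    # so a bare '172.217.169.74:443' row inherits semanticlocation-pa.googleapis.com.
    ip_to_domain = {r["ip"]: r["domain"] for r in parsed
                    if r["domain"] and (r["ip"], r["port"]) != SANDBOX_RESOLVER}
    out = []
    for r in parsed:
        key = (r["ip"], r["port"])
        domain = r["domain"] or ip_to_domain.get(r["ip"])
        if key == MDNS:
            label = "sandbox-noise"
        elif key == SANDBOX_RESOLVER:
            label = "dns-query" if is_trusted(domain) else "dns-query-review"
        elif domain is None:
            label = "unattributed-ip"   # next step: pcap / TLS SNI to name it
        elif is_trusted(domain):
            label = "trusted-domain"
        else:
            label = "review"
        out.append(dict(r, attributed_domain=domain, label=label))
    return out


def summarize(rows):
    labelled = classify(rows)
    return {
        "counts": dict(Counter(r["label"] for r in labelled)),
        "unattributed_ips": sorted({r["ip"] for r in labelled
                                    if r["label"] == "unattributed-ip"}),
        "review": sorted({r["attributed_domain"] or r["ip"] for r in labelled
                          if r["label"] in ("review", "dns-query-review")}),
    }


if __name__ == "__main__":
    print(summarize(BEHAVIORAL1_ROWS))
```

For this sample the review list comes back empty and the only open items are two Google-range IPs the table never names; the same function applied to a row such as a TLS connection to an unfamiliar hostname would surface it under review, which is the C2 check these tables exist to support.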

Files

/data/data/com.example.myapplication/logs/20240613224435935.log

MD5 a2e7f722e099ce628b70c4667c1df8fb
SHA1 54cf30b5f23cedef18e83acd77f5c38273dd4803
SHA256 f162ae56e4a70b5f5dc8f436dd401938c66969a8930454b7975f40cc418fec5c
SHA512 9d8a04f6603f9a686dc6263a1363d3f65be433c114494ae19c6839a72c2fc43f74fbd976fe7d7b3239012480faef4313f130c5bdda37ff7c55de7d8a8f1946a2

/data/data/com.example.myapplication/logs/20240613224435938.log

MD5 dcd196765d7e187f22d7becc0a6dc951
SHA1 bae9f22138438063195f647a6bc0f1b26c359d45
SHA256 bf7dc601898720c6285f8320393c47f985b1999b0d6dd59776710e90c6830d2b
SHA512 267c9c18baf3cc672e6292501d98658b8fea215de5458adcd99e93573b49fd9ec14bda7a533592361f80192a730df14d40b6fca0c588780789547a065f10fc16

/data/data/com.example.myapplication/logs/20240613224435948.log

MD5 ea9f8cf4ad970dd72163ee25e5939a27
SHA1 fd339db54dee32a832f6ff818c6ab04f8e517b1a
SHA256 528492bd70dbf2274b0acb67fbf1e95f7757f6743a3934d991af59e271b927a1
SHA512 6711bdfc3cfc801d6ed2ac8fe8f07af1dcb1d001f919a145a6d29e2c492b58c3dddb116d0167877fa54ff5785d7464427a7cd58379cf1ec0f5f92d9f1a960c5d

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-journal

MD5 0c9712b7d41f5b86484788f9a762de94
SHA1 a1ec80759e6f21648a8715d4a99264b3c6c77b37
SHA256 20edced0ff026b8dd25c92516098838ee40373e15912da05babde792b8346a5a
SHA512 fb51470bd90b927e225b0911e73fe3ee9ddcb05913d887864b23d3686b1471b2554236148914c940b201323e182608dbd57898e200f645530ece8b72229b727b

/data/data/com.example.myapplication/no_backup/androidx.work.workdb

MD5 f2b4b0190b9f384ca885f0c8c9b14700
SHA1 934ff2646757b5b6e7f20f6a0aa76c7f995d9361
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
SHA512 ec12685fc0d60526eed4d38820aad95611f3e93ae372be5a57142d8e8a1ba17e6e5dfe381a4e1365dddc0b363c9c40daaffdc1245bd515fddac69bf1abacd7f1

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm

MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
SHA512 768007e06b0cd9e62d50f458b9435c6dda0a6d272f0b15550f97c478394b743331c3a9c9236e09ab5b9cb3b423b2320a5d66eb3c7068db9ea37891ca40e47012

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 f12f80b7c5fdf19c70096de4a891fb66
SHA1 7fbd2232d3958dca297045de704ef5e799c5f701
SHA256 429bd8b807fa068e986a4f7e0c21701f1574fa5e66d50f6eb7bafcc4145fd115
SHA512 4f427dc40d8dea56da68398179b30c8735a6a393d064dc702de94598d21e88d8860514233fde40d0769e8200fd50abd3d424c05b0bba9c387a34b7b8cd2e94ec

/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal

MD5 f97ad09d31a852dfbb9b019bf9a4da96
SHA1 1afba3ee1a64e20828cd2fa60c365fb9d3c5feb4
SHA256 f1b6ef7db1e4df74118d4ae3a321adb40b751a1fa1bab46b2161cc92c26cc650
SHA512 240ff48fe5c20c69a25edc5ec2377ed7ef55b7a444abf66d5617b8a070b306a63ee7df11243349742e8136cb06338dcb4adbfeb5d7cb6ffc912f9305fb80411c
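The Files sections above list the same androidx.work database artifacts in every detonation, the -shm file with an identical digest in all three runs, the -wal file twice per run with different digests, and the workdb with the same digest in behavioral1 and behavioral2. Before any of these hashes go into a blocklist, an analyst wants to know which are platform constants and which are run-specific. The script below is an added example, not part of the report, that parses the file listings, groups entries by SHA256 across runs, and checks each digest against content the platform writes identically every time; a WAL-mode SQLite -shm index file starts life as 32 KiB of zero bytes, and hashing that constant is how the example recognises it. The entries are copied from the report (SHA512 lines omitted to keep the sample short); the run names and verdict wording are assumptions.

```python
"""Group sandbox file artifacts by digest across runs and flag platform
constants that must not be used as indicators. Added example, not part of
the report. RUNS is copied from the report's Files sections (SHA512 lines
omitted); the verdict labels are assumptions."""
import hashlib
import re
from collections import defaultdict

# A freshly created SQLite WAL-mode -shm index is 32 KiB of zero bytes.
ZERO_SHM = b"\x00" * 32768
ZERO_SHM_SHA256 = hashlib.sha256(ZERO_SHM).hexdigest()

# Digests of content the platform writes identically on every run.
KNOWN_CONSTANTS = {
    ZERO_SHM_SHA256: "zero-filled 32 KiB SQLite -shm index (empty WAL index)",
}

RUNS = {
    "behavioral3": """\
/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm
MD5 bb7df04e1b0a2570657527a7e108ae23
SHA1 5188431849b4613152fd7bdba6a3ff0a4fd6424b
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal
SHA256 96520d771d0fc9b6e523916df2818e7df767d5085d7311d4374106760872ab23
/data/data/com.example.myapplication/no_backup/androidx.work.workdb-wal
SHA256 78c8f3e311919423ba4e78583f3d950e4bd371544b44d84f530ee7cf3fe5c084
""",
    "behavioral1": """\
/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
/data/data/com.example.myapplication/no_backup/androidx.work.workdb
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
""",
    "behavioral2": """\
/data/data/com.example.myapplication/no_backup/androidx.work.workdb-shm
SHA256 c35020473aed1b4642cd726cad727b63fff2824ad68cedd7ffb73c7cbd890479
/data/data/com.example.myapplication/no_backup/androidx.work.workdb
SHA256 0a8ffb6b327963558716e87db8946016d143e39f895fa1b43e95ba7032ce2514
""",
}

DIGEST_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-f]+)$")


def parse_file_section(text):
    """Turn 'path' followed by 'ALGO hex' lines into a list of entries."""
    entries, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = DIGEST_LINE.match(line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
        elif line.startswith("/"):
            current = {"path": line}
            entries.append(current)
    return entries


def triage_files(sections):
    """sections: {run_name: files-section text}. Group by SHA256 across runs,
    attach a verdict per distinct content, and list paths that were captured
    in more than one version within a single run."""
    by_digest = defaultdict(lambda: {"paths": set(), "runs": set()})
    versions = defaultdict(set)
    for run, text in sections.items():
        for e in parse_file_section(text):
            by_digest[e["sha256"]]["paths"].add(e["path"])
            by_digest[e["sha256"]]["runs"].add(run)
            versions[(run, e["path"])].add(e["sha256"])
    report = {}
    for digest, g in by_digest.items():
        if digest in KNOWN_CONSTANTS:
            verdict = "platform-constant: " + KNOWN_CONSTANTS[digest]
        elif len(g["runs"]) > 1:
            verdict = "stable-across-runs: deterministic content; check for library boilerplate before using as IOC"
        else:
            verdict = "run-specific: timestamps or state, not a stable IOC"
        report[digest] = {"paths": sorted(g["paths"]), "runs": sorted(g["runs"]),
                          "verdict": verdict}
    return {"by_digest": report,
            "multi_version_paths": {k: len(v) for k, v in versions.items() if len(v) > 1}}


if __name__ == "__main__":
    for digest, info in triage_files(RUNS)["by_digest"].items():
        print(digest[:16], info["runs"], info["verdict"])
```

The -shm digest matches the hash of 32 KiB of zeros, so it identifies nothing about this sample and would match any WAL-mode SQLite database on any device; the -wal file appearing twice within a run is the sandbox capturing two snapshots of a file that changed during execution, which is why the same path carries two digests.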