Analysis Overview
SHA256
313f4313cb93748222fef220eff803a6f68464b00676838a22e5650988df2708
Threat Level: Shows suspicious behavior
The file 313f4313cb93748222fef220eff803a6f68464b00676838a22e5650988df2708.bin was found to be: Shows suspicious behavior.
Malicious Activity Summary
Obtains sensitive information copied to the device clipboard
Requests dangerous framework permissions
Queries the mobile country code (MCC)
Registers a broadcast receiver at runtime (usually for listening for system events)
Checks CPU information
Checks memory information
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-13 22:55
Signatures
Requests dangerous framework permissions
| Description | Indicator | Process | Target |
| Allows read only access to phone state, including the current cellular network information, the status of any ongoing calls, and a list of any PhoneAccounts registered on the device. | android.permission.READ_PHONE_STATE | N/A | N/A |
| Allows an application to read SMS messages. | android.permission.READ_SMS | N/A | N/A |
| Allows an application to receive SMS messages. | android.permission.RECEIVE_SMS | N/A | N/A |
| Allows an application to send SMS messages. | android.permission.SEND_SMS | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 22:55
Reported
2024-06-13 22:58
Platform
android-x86-arm-20240611.1-en
Max time kernel
47s
Max time network
150s
Command Line
Signatures
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| GB | 172.217.169.74:443 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.238:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.238:443 | android.apis.google.com | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | ddd79be88c7d44bb59b500e092d6a74a |
| SHA1 | 6f952d3196f6d4c9ec93ce7cb444f183394a89ff |
| SHA256 | 328a369549222509bd23434446dab3f195d12fd3da0e9766e49f6d9abc72a6ce |
| SHA512 | 473ec5af7bafb0d54b16103e352a7fafd3c785ae259f5e062b0b1d7275f0c24e1c4927d62deab5ccff2694859737985a979196a07859142004946c028ef873fd |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 200713f9cab449a2fa4424670258fd0d |
| SHA1 | f8d334da1d7e1d9107d3ae1e475996a01d5b25f2 |
| SHA256 | 6ccded98c0d8021e314a34b14f0f4c473be786998fd6ae6cbbf2ed4e9ef8876a |
| SHA512 | 58897882e363fcef8995caf2c987f890cfd81d1008b907a28b25367e5b63669c879b3c93576b87f7fbf6c7c330be139b751955eb44d3b9528bbf902475c7b3ce |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | 31e69fcf7d5be4386a117bfb43f99d90 |
| SHA1 | 2ebe4ddb7d03f6df7a88de258cab83d26ac29ffe |
| SHA256 | 42de0b480f0ac351a8770bebe802346cbb2de4ddffb27c61226f413596cba1cd |
| SHA512 | 8c7cf37535e0f30f4036e913971ef36406aec2b37687d1c52def518734e482803bb77e3639669d0a3f2f47ebcb426fb72c5e86bca55d861f4ac3b47b98dea2ce |
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | 7d615fb0eb1cabbc16f8882b5df8fd6f |
| SHA1 | 0289546e077d6df579b190dd00d8bac41bd55dc5 |
| SHA256 | ed5cdae5d2179a6c116b0a24f786e3ca66a9b00d5cac511f07d85e74ffc5ce94 |
| SHA512 | fa27cb95eeb4492307112e7df497491065b7cf15e6ee17bb6bb50e62c5e156d52fbdcafbbfb728a50f363c32a55f436239470a8a8be76f63a2e3f5eac1d53cfb |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 22:55
Reported
2024-06-13 22:58
Platform
android-x64-20240611.1-en
Max time kernel
26s
Max time network
149s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Queries the mobile country code (MCC)
| Description | Indicator | Process | Target |
| Framework service call | com.android.internal.telephony.ITelephony.getNetworkCountryIsoForPhone | N/A | N/A |
Registers a broadcast receiver at runtime (usually for listening for system events)
| Description | Indicator | Process | Target |
| Framework service call | android.app.IActivityManager.registerReceiver | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.180.8:443 | ssl.google-analytics.com | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| GB | 142.250.178.14:443 | | tcp |
| GB | 142.250.187.226:443 | | tcp |
| GB | 216.58.204.78:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
| GB | 142.250.179.228:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | ddd79be88c7d44bb59b500e092d6a74a |
| SHA1 | 6f952d3196f6d4c9ec93ce7cb444f183394a89ff |
| SHA256 | 328a369549222509bd23434446dab3f195d12fd3da0e9766e49f6d9abc72a6ce |
| SHA512 | 473ec5af7bafb0d54b16103e352a7fafd3c785ae259f5e062b0b1d7275f0c24e1c4927d62deab5ccff2694859737985a979196a07859142004946c028ef873fd |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 60b215c2bb319b3b4575838a719865c2 |
| SHA1 | 4bbc5d9f9780b8edf56dbcd84e9a3b5f2b69afac |
| SHA256 | e937fe5674f65a80e905ca607887f113526dcdd22ccdf005e35cbb3ee881444e |
| SHA512 | fd20408c3cc6f124cd20296ad7f63a918b3c3e20a6d286d82e2d1bd3f76b3b45b02068af140d1d03876c0217032de73f2488e1ecac4b13f3f518f250b775de05 |
/data/data/yes.debug.yesbnak/files/profileInstalled
| MD5 | 7056165281e8fa89b5f4e7eeaa2e1760 |
| SHA1 | 0b81872249cc949c9d8db1adce54ddaa69c0c490 |
| SHA256 | b0cb711a2484849245ed98b297a8a31def901d99e559c510c6ef1493303adc7d |
| SHA512 | 9fb51c61455d16330ac514344854c6acea65cf17da1577aa0ccc4274e79dcf88b82394569268315efedc0721acfdd4a4cd54f0b2b71cd9eb68034582dd44f309 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-13 22:55
Reported
2024-06-13 22:58
Platform
android-x64-arm64-20240611.1-en
Max time kernel
26s
Max time network
133s
Command Line
Signatures
Obtains sensitive information copied to the device clipboard
| Description | Indicator | Process | Target |
| Framework service call | android.content.IClipboard.addPrimaryClipChangedListener | N/A | N/A |
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
yes.debug.yesbnak
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 172.217.16.234:443 | | tcp |
| GB | 172.217.16.234:443 | | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| GB | 142.250.187.200:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | cdn.jsdelivr.net | udp |
| US | 1.1.1.1:53 | code.jquery.com | udp |
| US | 1.1.1.1:53 | cdnjs.cloudflare.com | udp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.193.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.130.137:443 | code.jquery.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.187.206:443 | | tcp |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 172.217.16.238:443 | android.apis.google.com | tcp |
| GB | 216.58.201.100:443 | | tcp |
| GB | 216.58.201.100:443 | | tcp |
Files
/data/misc/profiles/cur/0/yes.debug.yesbnak/primary.prof
| MD5 | ddd79be88c7d44bb59b500e092d6a74a |
| SHA1 | 6f952d3196f6d4c9ec93ce7cb444f183394a89ff |
| SHA256 | 328a369549222509bd23434446dab3f195d12fd3da0e9766e49f6d9abc72a6ce |
| SHA512 | 473ec5af7bafb0d54b16103e352a7fafd3c785ae259f5e062b0b1d7275f0c24e1c4927d62deab5ccff2694859737985a979196a07859142004946c028ef873fd |
/data/data/yes.debug.yesbnak/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat
| MD5 | 724aee5429997339b0b4e1223b49a068 |
| SHA1 | 0e8774dc328ebdcee3ece5df380ef1f6315e996b |
| SHA256 | 539a64593dee39e96a3e5f862de9eaa0294d5f80241a9b6cd07b2e7e1c48685f |
| SHA512 | db24a6233568cb6e2e7a793a3e52d25a7a77478df77d51d9cbd096bc6b073598a659127ce9b30a36076473e1669f340456ea9db1f21885c00b71afb4dee95c25 |