Malware Analysis Report

2024-07-28 14:27

Sample ID  240613-2y3ehstgrh
Target     CSC SERVICE JOIN.apk
SHA256     c715dc7767d42aacc4b18f0e08f0a7f82d0d54bb72b9df438630ed36c3242dce
Tags       N/A
Score      6/10

Analysis Overview

score
6/10

SHA256

c715dc7767d42aacc4b18f0e08f0a7f82d0d54bb72b9df438630ed36c3242dce

Threat Level: Shows suspicious behavior

The file CSC SERVICE JOIN.apk was found to show suspicious behavior.

Malicious Activity Summary

Requests dangerous framework permissions

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:00

Signatures

Requests dangerous framework permissions

Description                                     Indicator                        Process  Target
Allows an application to receive SMS messages.  android.permission.RECEIVE_SMS   N/A      N/A
Allows an application to send SMS messages.     android.permission.SEND_SMS      N/A      N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:00

Reported

2024-06-13 23:31

Platform

android-x64-20240611.1-en

Max time kernel

1122s

Max time network

1791s

Command Line

com.example.smsread

Signatures

N/A

Processes

com.example.smsread

Network

Country Destination           Domain                              Proto
N/A     224.0.0.251:5353                                          udp
US      1.1.1.1:53            ssl.google-analytics.com            udp
GB      142.250.178.8:443     ssl.google-analytics.com            tcp
GB      142.250.179.234:443                                       tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.187.206:443   android.apis.google.com             tcp
GB      216.58.204.78:443                                         tcp
GB      142.250.200.14:443                                        tcp
GB      172.217.169.66:443                                        tcp
GB      216.58.201.100:443                                        tcp
GB      216.58.201.100:443                                        tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.200.46:443    android.apis.google.com             tcp
US      1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
GB      216.58.212.234:443    semanticlocation-pa.googleapis.com  tcp
US      1.1.1.1:53            g.tenor.com                         udp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.187.238:443   android.apis.google.com             tcp
US      1.1.1.1:53            semanticlocation-pa.googleapis.com  udp
BE      64.233.184.188:5228                                       tcp
US      1.1.1.1:53            www.google.com                      udp
GB      172.217.169.68:443    www.google.com                      tcp

Files

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 9a6a54252b72bfa0ea252ab8483fc07f
SHA1 c90154853f3f288900adc62550e9244056ed1f4a
SHA256 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579
SHA512 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b

/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 5638242657975d6576a3f50de9f1447b
SHA1 8abe69e52637a3aab486be19b9143ff8583eaa32
SHA256 8aeebbc4e356b2d3b21b407f62a7742329a75715826742bba35dd2e1aa214584
SHA512 0eb8a8a7f1bf2881be14081ae466f7e61aa48c5f461842dceb3b92452a87fd305676c851599d3a4ded018fb027d38a6680a67060151e0a08b7015f96324961ef

/data/data/com.example.smsread/files/profileInstalled

MD5 27d3926691f0cae7926442d801b4205e
SHA1 9b02a18a09061c8f06a37abdf210e3e9a23d0afc
SHA256 7197547474062fa928b3c6ea95c0206406553f2b28ebdcc702febde2d4603a18
SHA512 24069121ca4d3b864f52a3d82ea65a49db8d028a9265814a6b5472f5fbfa3dd195aca6a325ec58dda8ff4198004e38b46432f1259ad6e90c84d6b95ee7862113

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 2fa8aecdb091eff5067a919dc7ac303c
SHA1 7d5bc846b04ffa7d699b3bfa62b565b892c8b2f2
SHA256 6cc829af8c9049e2f75e6667d813e9c5973fa1333296d141da33435da3ed4a0f
SHA512 81dfb4c6e71849c21e9ac3d4d9545c9319340f8ce23399b69f9c7aba51452b9fff67590ede9d96aa165ace4f957f17ca861e3bc9c25d92bb5955e2dfeccd4ff2

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-13 23:00

Reported

2024-06-13 23:31

Platform

android-x64-arm64-20240611.1-en

Max time kernel

8s

Max time network

1811s

Command Line

com.example.smsread

Signatures

N/A

Processes

com.example.smsread

Network

Country Destination           Domain                              Proto
GB      172.217.16.238:443                                        tcp
GB      172.217.16.238:443                                        tcp
N/A     224.0.0.251:5353                                          udp
US      1.1.1.1:53            ssl.google-analytics.com            udp
GB      172.217.169.40:443    ssl.google-analytics.com            tcp
GB      172.217.169.68:443                                        tcp
GB      172.217.169.68:443                                        tcp
GB      142.250.180.2:443                                         tcp
GB      216.58.204.67:443                                         tcp
GB      142.250.187.206:443                                       tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.187.238:443   android.apis.google.com             tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.187.238:443   android.apis.google.com             tcp
BE      142.251.5.188:5228                                        tcp
US      1.1.1.1:53            www.google.com                      udp
GB      142.250.187.228:443   www.google.com                      tcp

Files

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 9a6a54252b72bfa0ea252ab8483fc07f
SHA1 c90154853f3f288900adc62550e9244056ed1f4a
SHA256 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579
SHA512 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b

/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 1f505bd134713410304f743e9790f7ba
SHA1 c06da290ef254d43a137a423c4c1796b07a63f05
SHA256 2ba5059ee0b2a161969f6cfd56bfa362c2aafea1e6b240af8c3c4168d0023eea
SHA512 1214bedace23627ebe33ecf396ee10915fe503778625010e03ba8fae4b9d6ef23d860c30118874fbad446858a115cc2c37fca0561459cc1ce9831edde8176198

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-13 23:00

Reported

2024-06-13 23:31

Platform

android-33-x64-arm64-20240611.1-en

Max time kernel

9s

Max time network

1690s

Command Line

com.example.smsread

Signatures

N/A

Processes

com.example.smsread

Network

Country Destination           Domain                              Proto
GB      172.217.169.68:443                                        udp
GB      172.217.169.68:443                                        udp
BE      142.250.110.188:5228                                      tcp
GB      172.217.16.228:443                                        tcp
N/A     224.0.0.251:5353                                          udp
US      172.64.41.3:443                                           tcp
US      172.64.41.3:443                                           tcp
GB      142.250.187.195:443                                       tcp
US      172.64.41.3:443                                           udp
GB      142.250.187.195:443                                       udp
GB      172.217.169.68:443                                        udp
GB      172.217.169.68:443                                        tcp
GB      216.58.212.227:443                                        tcp
GB      142.250.179.228:443                                       tcp
GB      142.250.179.228:443                                       tcp
GB      142.250.200.40:443                                        tcp
GB      142.250.178.2:443                                         tcp
GB      142.250.178.2:443                                         tcp
GB      172.217.169.6:80                                          tcp
GB      172.217.169.6:443                                         tcp
GB      142.250.178.2:443                                         tcp
GB      142.250.187.206:443                                       tcp
GB      216.58.212.206:443                                        tcp
US      216.239.34.36:443                                         tcp
GB      216.58.212.227:443                                        tcp
US      1.1.1.1:53            www.google.com                      udp
GB      216.58.213.4:443      www.google.com                      udp
US      172.64.41.3:443                                           tcp
US      162.159.61.3:443                                          tcp
GB      216.58.212.227:443                                        tcp
GB      216.58.212.227:443                                        tcp
GB      216.58.212.227:443                                        tcp
US      1.1.1.1:53            www.google.com                      udp
GB      216.58.201.100:443    www.google.com                      udp
US      1.1.1.1:53            www.google.com                      udp
GB      142.250.179.228:443   www.google.com                      tcp

Files

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 066db89af2f9780d039df27ef3789a49
SHA1 89f85259ddce8f23a86647cf13a3b9d020cda336
SHA256 96d8ad4adbeb89d2df56df316dd8186a65bd384759e56ba3ea1f281581a3aa17
SHA512 5497d20df3220d5c6bfbef7d82aa85fb0a29733640553b2e40e0b85fbeb4852b4be793a42d619b0daf7b020edf7dcbaa58803b97aeb45a765a3649349b617672

/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 a67c55bd2438ca6195efcb01a06e0ae0
SHA1 051dc4a64d99f2960e1fb833967742148f062a3c
SHA256 370827c9566b0a717a9e4752f8b52673c59cbda4b0c0db499532bbd6fdcd5fa6
SHA512 bc465a2a55eb2b256ce8bdae01e052d23b04eb7f3d8508b55127902228c67bb8731689418a4d0871b058b342be5aab03825b2250ffe999dd960c45a1e4900b42

/data/data/com.example.smsread/files/profileInstalled

MD5 5881559e2abe68a77e857a693f0039b7
SHA1 90f569aa26dbc16a87b46ec7e924096589680070
SHA256 f3a899c8a4c3e5ccfa46b8db6fc6f2e90615c213bc5e0204411d76f28a4072b9
SHA512 b28cd17a09f1ee0a6262e6a471cb9aa385483b51b55d9dd4d82aff682809c3544dbba6b836f13aba41fda712eb5d9aa60a2dc4a6a43edcaf5a979ac3a92d93b7

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-13 23:00

Reported

2024-06-13 23:31

Platform

android-x86-arm-20240611.1-en

Max time kernel

8s

Max time network

1829s

Command Line

com.example.smsread

Signatures

N/A

Processes

com.example.smsread

Network

Country Destination           Domain                              Proto
N/A     224.0.0.251:5353                                          udp
GB      216.58.212.238:443                                        tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.178.14:443    android.apis.google.com             tcp
GB      216.58.201.99:80                                          tcp
GB      142.250.180.4:443                                         tcp
GB      172.217.169.34:443                                        tcp
GB      142.250.187.227:443                                       tcp
GB      172.217.16.238:443                                        tcp
GB      142.250.187.227:443                                       tcp
GB      172.217.16.238:443                                        tcp
GB      142.250.187.227:443                                       tcp
GB      142.250.187.227:443                                       tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.200.46:443    android.apis.google.com             tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.200.14:443    android.apis.google.com             tcp
BE      74.125.206.188:5228                                       tcp
US      1.1.1.1:53            www.google.com                      udp
GB      172.217.16.228:443    www.google.com                      tcp
GB      216.58.212.238:443                                        tcp

Files

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 9a6a54252b72bfa0ea252ab8483fc07f
SHA1 c90154853f3f288900adc62550e9244056ed1f4a
SHA256 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579
SHA512 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b

/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 043d9446088313919c011109e6eae121
SHA1 61a01ef8de681942b9f7b7c02439624f5d3d5dd9
SHA256 2705467d5eb79c6cf64a53dec850cb2dc79ab05be698b987c83cbf6e1f410cfd
SHA512 c6778a4f70673999e32c070487456de308a6aa60922759a1bb51d796f403e5b9ba9cb75be774006be02b720860e5ff5f1974007ab58e6df9f208f8d6c53e603f

/data/data/com.example.smsread/files/profileInstalled

MD5 ac5319797f11f584c66ae23e2d235189
SHA1 7eda989011ec211add0efe6f696c061d159765b5
SHA256 72c4182ffdad7a0bea7f9c056fe0da0d439d3d42d89df3d848e478e44746d73d
SHA512 dac5c29bf55a789a909b6255eaf36bfc2a737a9a064b7c24b8080ef1d3949f5eb48a8322b3e5bfc6d0da2bfe6ca6e485312a53b96aa713c77ba9510719ef95f3

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:00

Reported

2024-06-13 23:07

Platform

android-x64-arm64-20240611.1-en

Max time kernel

379s

Max time network

414s

Command Line

com.example.smsread

Signatures

N/A

Processes

com.example.smsread

Network

Country Destination           Domain                              Proto
N/A     224.0.0.251:5353                                          udp
GB      142.250.200.10:443                                        tcp
GB      142.250.200.10:443                                        tcp
US      1.1.1.1:53            ssl.google-analytics.com            udp
GB      142.250.187.238:443                                       tcp
US      1.1.1.1:53            android.apis.google.com             udp
GB      142.250.179.228:443                                       tcp
GB      142.250.179.228:443                                       tcp
GB      142.250.200.2:443                                         tcp
GB      216.58.201.110:443                                        tcp
GB      216.58.212.227:443                                        tcp
US      1.1.1.1:53            rcs-acs-tmobile-us.jibe.google.com  udp
US      216.239.36.155:443    rcs-acs-tmobile-us.jibe.google.com  tcp
US      8.8.8.8:53                                                tcp
US      1.1.1.1:53            sticker-pa.googleapis.com           udp
GB      216.58.201.106:443    sticker-pa.googleapis.com           tcp
US      216.239.36.155:443    rcs-acs-tmobile-us.jibe.google.com  tcp

Files

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 9a6a54252b72bfa0ea252ab8483fc07f
SHA1 c90154853f3f288900adc62550e9244056ed1f4a
SHA256 31e53c5a9e125f0dd40a697994eadc2786fb58d369a8f35f7ccc22ab20646579
SHA512 45d98780c0e53fb8dfdbff25140b8fcdb282e3ab49548974e7c9b38d630b1c3f3950519a6e4bbaf7a867c337f566e95e5c4b9573318cadf2544828c81f4ebf5b

/data/data/com.example.smsread/files/profileinstaller_profileWrittenFor_lastUpdateTime.dat

MD5 2773f3d43841c1f285860554293a2023
SHA1 deab3ba90cea3f86bf609c160b05604e869a975c
SHA256 415382b831c26173154f21d773c7bdcfd76ad06eb02ff3483aa424841dc4eeee
SHA512 d4fe5f151977bb209d40dd342843f12a8c4545efecd502e714e4769605efa6eb7354906b2682f03edfc23401fb7a79505b196966834a36d061876551e97d6eaf

/data/misc/profiles/cur/0/com.example.smsread/primary.prof

MD5 f92b929789df6181897d5219c1d8aa56
SHA1 7cea1bb851568598b20d77501fac67124fa83d20
SHA256 dc1815791a016c4c133d8e6613e88d543cfb6ca5328d9603f09c6bc23330bafa
SHA512 9306e83ef41e8a7993dabc79d85e55b96e94657fa921400142eed12931a4d8930fd7d54c4b55383b283fd9d32c16232bf4778c260a21d3d11c6e68eff74c510e